
Log analysis and evaluation: Windows 10:Trojan:Win32/Ymacco.AA84

02.02.2021, 23:42   #1
Dafot
 
Windows 10:Trojan:Win32/Ymacco.AA84



Hey. Someone sent me a link to a torrent with a game and said I should try it out. Normally I stay away from that kind of stuff; I only did it here and there back in my youth (otherwise my Steam account would be a bit of a waste of money by now). Anyway, let's get to the point. I ran the .exe, Windows blocked it because of a trojan. I figured Windows was simply mistaken and allowed it anyway. Nothing happened except a message from GIMP that something was not installed correctly (at that moment I found out that the person had apparently just picked the first link they came across and had not looked at the files at all).

After that I uploaded the whole thing to VirusTotal, which came back with the following:

VirusTotal link: https://www.virustotal.com/gui/file/843aaa8076501d2ad8dba88525640162f4b9bb96312f0937472c75d8543393f1/behavior

After deleting the files, Windows and Malwarebytes found nothing more. The only thing I have done so far (apart from the Malwarebytes and Windows scans) was to block the IP address ranges (1-255) that were associated with it.

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-01-2021
Ran by **** (02-02-2021 22:54:33)
Running from C:\Users\****\Desktop
Windows 10 Pro Version 20H2 19042.746 (X64) (2020-12-11 01:52:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-629832801-3061168427-1117579530-500 - Administrator - Disabled)
**** (S-1-5-21-629832801-3061168427-1117579530-1001 - Administrator - Enabled) => C:\Users\****
DefaultAccount (S-1-5-21-629832801-3061168427-1117579530-503 - Limited - Disabled)
Guest (S-1-5-21-629832801-3061168427-1117579530-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-629832801-3061168427-1117579530-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AI Noise-Canceling Microphone (HKLM\...\AI Noise-Canceling Microphone) (Version: 1.0.1.9 - ASUSTek Computer Inc.)
AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 3.00.59 - ASUSTeK Computer Inc.)
Amazon WorkSpaces (HKLM-x32\...\{6DDE53C5-D069-4273-9770-F9B013FB381E}) (Version: 3.1.2.1844 - Amazon Web Services, Inc)
AMD Ryzen Master (HKLM\...\AMD Ryzen Master) (Version: 2.6.0.1702 - Advanced Micro Devices, Inc.)
Anaconda3 2020.11 (Python 3.8.5 64-bit) (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Anaconda3 2020.11 (Python 3.8.5 64-bit)) (Version: 2020.11 - Anaconda, Inc.)
ARMOURY CRATE Lite Service (HKLM\...\{EF3944FF-2501-4568-B15C-5701E726719E}) (Version: 3.3.7 - ASUS)
Assassin's Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version:  - Ubisoft)
Assassin's Creed Origins (HKLM-x32\...\Uplay Install 3539) (Version:  - Ubisoft)
ASUS AIOFan HAL (HKLM\...\{EAE80DED-1A39-41C5-9F60-87CC947F6454}) (Version: 1.1.15.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AIOFan HAL (HKLM-x32\...\{c6059da6-7c2c-4aff-99e6-a524262404ad}) (Version: 1.1.15.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM\...\{2C39FF80-1BB2-42C5-A58D-DC90EFF048F6}) (Version: 1.0.24 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM-x32\...\{a75323e1-f1a4-4aff-a7ce-3858cbc1c0d2}) (Version: 1.0.24 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM\...\{D800D836-DE15-4B00-8273-521F022CD837}) (Version: 1.0.69.0 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM-x32\...\{1ed19b57-ef0e-474d-946f-aac911f8b0e3}) (Version: 1.0.69.0 - ASUSTeK COMPUTER INC.) Hidden
ASUS Aura SDK (HKLM\...\{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.04.03 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA VGA Component (HKLM\...\{71BB96A6-EAC4-45AE-A17D-D3ED43FF1D14}) (Version: 0.0.3.0 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA VGA Component (HKLM-x32\...\{4e2ab86c-b539-4b1d-bacd-a434371143fb}) (Version: 0.0.3.0 - ASUSTek COMPUTER INC. ) Hidden
ASUS Framework Service (HKLM-x32\...\{161cc9f2-e50c-4561-a999-15cf3133a1d3}) (Version: 2.0.1.3 - ASUSTek COMPUTER INC.)
ASUS Framework Service (HKLM-x32\...\{EA6A87BE-8AD3-40D2-944C-9DF5FBFF4332}) (Version: 2.0.1.3 - ASUSTek COMPUTER INC.) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{3507c756-a80f-4b0e-8475-975d8b432176}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{5960FD0F-BB3B-49AF-B175-F77DC91E995A}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS GPU TweakII (HKLM-x32\...\{2914BAB6-CA16-4B5A-BF41-2466656C7040}) (Version: 2.2.7.0 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU TweakII (HKLM-x32\...\InstallShield_{2914BAB6-CA16-4B5A-BF41-2466656C7040}) (Version: 2.2.7.0 - ASUSTek COMPUTER INC.)
ASUS Motherboard (HKLM-x32\...\{93795eb8-bd86-4d4d-ab27-ff80f9467b37}) (Version: 1.04.21 - ASUSTek Computer Inc.)
ASUS Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.107.39 - ASUSTeK Computer Inc.) Hidden
Audacity 2.4.2 (HKLM-x32\...\Audacity_is1) (Version: 2.4.2 - Audacity Team)
AURA DRAM Component (HKLM\...\{3881F403-B6B7-4D2F-BDAC-7901EB677F52}) (Version: 1.0.54 - ASUS) Hidden
AURA DRAM Component (HKLM-x32\...\{db73e7a9-d4ff-4857-a29c-4f6414eb8aca}) (Version: 1.0.54 - ASUS) Hidden
AURA lighting effect add-on (HKLM-x32\...\{1E2EA04B-FCA7-457E-B6F4-F33E1858E859}) (Version: 0.0.14 - ASUS)
AURA lighting effect add-on x64 (HKLM\...\{C5A4A164-4428-4931-B728-96EEF0FA3C44}) (Version: 0.0.14 - ASUS)
AURA Service (HKLM-x32\...\{0E536061-3B55-4D45-BF58-0BDA261C94B0}) (Version: 3.04.32 - ASUSTeK Computer Inc.) Hidden
AURA Service (HKLM-x32\...\{1dd27167-f40c-47db-9e8f-b2f5d210f173}) (Version: 3.04.32 - ASUSTeK Computer Inc.)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.8.2.48475 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Battlestate Games Launcher 10.4.4.1239 (HKLM-x32\...\{B0FDA062-7581-4D67-B085-C4E7C358037F}_is1) (Version: 10.4.4.1239 - Battlestate Games)
BeamMP Launcher (HKLM\...\{0D8B7A7C-5EA7-41FF-8736-FEF9CF648661}) (Version: 1.80.5 - BeamMP) Hidden
BeamMP Launcher (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\BeamMP Launcher 1.80.5) (Version: 1.80.5 - BeamMP)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{0243F145-076D-423A-8F77-218DC8840261}) (Version: 4.8.04119 - Microsoft Corporation) Hidden
Core Temp 1.16 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.16 - ALCPU)
CORSAIR iCUE Software (HKLM-x32\...\{74AF4222-AABF-462F-B0CC-59A4BF827F8C}) (Version: 3.36.125 - Corsair)
CPUID HWMonitor 1.43 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.43 - CPUID, Inc.)
CPUID ROG CPU-Z 1.93 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.93 - CPUID, Inc.)
CrystalDiskMark 7.0.0h (HKLM\...\CrystalDiskMark7_is1) (Version: 7.0.0h - Crystal Dew World)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.13.0.1387 - Disc Soft Ltd)
Dashlane (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Dashlane) (Version: 6.2103.0.42861 - Dashlane, Inc.)
DB Browser for SQLite (HKLM\...\{05578DF5-8497-4177-970D-702309C5D897}) (Version: 3.12.1 - DB Browser for SQLite Team)
DiagnosticsHub_CollectionService (HKLM\...\{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Docker Desktop (HKLM\...\Docker Desktop) (Version: 3.1.0 - Docker Inc.)
ENE IO Driver (HKLM-x32\...\{D0512FFD-6194-4D2E-967E-25B82A3322FF}) (Version: 3.3.0 - ENE TECHNOLOGY INC.) Hidden
ENE RGB HAL (HKLM\...\{E050E98C-5524-4AFB-9E53-97700BEF2C02}) (Version: 1.1.28.0 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{d22b5310-9f1e-43a8-8547-58fa44742994}) (Version: 1.1.28.0 - Ene Tech.) Hidden
Entity Framework 6.2.0 Tools  for Visual Studio 2019 (HKLM-x32\...\{7C2070BF-8E07-4B5F-A182-FADB0B95AB39}) (Version: 6.2.0.0 - Microsoft Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{07D9F8F3-EC99-4133-919D-DA341C62937C}) (Version: 1.1.298.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Escape from Tarkov (HKLM-x32\...\EscapeFromTarkov) (Version: 0.12.9.10519 - Battlestate Games)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Excel (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
Folding@home (HKLM-x32\...\FAHClient) (Version: 7.6.21 - Folding@home.org)
FTB App (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Overwolf_cmogmmciplgmocnhikmphehmeecmpaggknkjlbag) (Version: 1.0.12 - Overwolf app)
Futuremark SystemInfo (HKLM-x32\...\{F608ED5F-3818-4F87-A277-E52E8790C039}) (Version: 5.35.871.0 - Futuremark)
Git version 2.29.2.3 (HKLM\...\Git_is1) (Version: 2.29.2.3 - The Git Development Community)
Google Earth Pro (HKLM\...\{FB8010D4-05F4-420D-8DFC-2F911A6DD100}) (Version: 7.3.3.7786 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: 1.0.2189.0 - Rockstar Games)
HexChat (HKLM\...\HexChat_is1) (Version: 2.14.3 - HexChat)
HxD Hex Editor 2.4 (HKLM\...\HxD_is1) (Version: 2.4 - Maël Hörz)
icecap_collection_neutral (HKLM-x32\...\{7C703135-98AC-4EB9-86C0-0C3169C99649}) (Version: 16.8.30509 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{7C914878-C64B-4CA6-8E41-91308877A586}) (Version: 16.8.30509 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{C28C9D95-66E3-48A9-8CC4-A517661DD132}) (Version: 16.8.30607 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{D3B94F9C-CBFC-4571-B30B-7665B3A9DB4F}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{10764165-E41B-4A08-B2B0-950EA48A27AC}) (Version: 19.0.281 - Intel Corporation)
IntelliTraceProfilerProxy (HKLM-x32\...\{7D94CF67-6666-4111-B027-D7AB7F189F70}) (Version: 15.0.18198.01 - Microsoft Corporation) Hidden
Java 8 Update 271 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kingston AURA DRAM Component (HKLM\...\{6D2D2DAF-BFE4-45A6-BF40-8A9F7FF54F42}) (Version: 1.0.28 - KINGSTON COMPONENTS INC.) Hidden
Kingston AURA DRAM Component (HKLM-x32\...\{511a62a9-1ff0-4cc5-adfe-4a5bd044a3c0}) (Version: 1.0.28 - KINGSTON COMPONENTS INC.) Hidden
Kumulatives Microsoft .NET Framework Intellisense Pack für Visual Studio (Deutsch) (HKLM-x32\...\{E1F68FC9-F23C-4F44-8092-CAC55E43A80B}) (Version: 4.8.03761 - Microsoft Corporation) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lily (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Lily) (Version:  - )
LogMeIn Hamachi (HKLM-x32\...\{ECC0FA07-863E-44BC-8B1D-DA22F96E5FB7}) (Version: 2.2.0.633 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.633 - LogMeIn, Inc.)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft .NET SDK 5.0.101 (x64) from Visual Studio (HKLM\...\{D623A466-38A7-4E39-9D69-7B07951D3406}) (Version: 5.1.120.60105 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.56 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft Office Professional Plus 2016 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 16.0.13530.20440 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.26.28720 (HKLM-x32\...\{86380aef-fd23-4fc3-8723-a98ccad8f2c6}) (Version: 14.26.28720.3 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.52.1 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.8.3077.1211 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2019 CTP2.2 (HKLM\...\{0AF3B52A-F38D-4D63-9F72-73623C601CD9}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2019 CTP2.2 (HKLM-x32\...\{BF16A1DB-06A6-4A8E-B7A8-61F1F9C9FBA3}) (Version: 15.0.1200.24 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{27B34E47-68AE-4802-822A-9F0C187AF84A}) (Version: 1.0.0.0 - Mojang)
MySQL Connector Net 8.0.22 (HKLM-x32\...\{F7CB561A-E6E8-4B53-887B-DE2215BCA4C4}) (Version: 8.0.22 - Oracle)
NeoFly (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\2eedfbc2cc1a251c) (Version: 2.33.0.4 - NeoFly)
Node.js (HKLM\...\{7667E0D6-09E5-4146-94B0-F8918EC5A692}) (Version: 15.4.0 - Node.js Foundation)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Grafiktreiber 460.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 460.89 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA USBC Driver 1.46.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.13530.20440 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera GX Stable 72.0.3815.487 (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Opera GX 72.0.3815.487) (Version: 72.0.3815.487 - Opera Software)
Oracle VM VirtualBox 6.1.16 (HKLM\...\{6BC7BBCE-9202-4698-B866-F02AACB838C7}) (Version: 6.1.16 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.91.46291 - Electronic Arts, Inc.)
Outlook (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.162.0.13 - Overwolf Ltd.)
Overwolf.Setup.VC100CRTx64.Dist (HKLM\...\{EC9D5554-6852-4A55-81BB-AC02C7A8CFED}) (Version: 1.0.0 - Overwolf)
Overwolf.Setup.VC100CRTx86.Dist (HKLM-x32\...\{8989DBC1-E87B-448F-9147-57EEEC5A24A5}) (Version: 1.0.0 - Overwolf) Hidden
Paket zur Festlegung von Zielversionen von Microsoft .NET Framework 4.7.2 (Deutsch) (HKLM-x32\...\{98FE7C2A-22A4-401A-B45B-2AA107C06DD7}) (Version: 4.7.03062 - Microsoft Corporation) Hidden
Paradox Launcher v2 (HKLM\...\{A8D4AE16-519B-409D-B5B4-2647C06805AD}) (Version: 2.0.3.0 - Paradox Interactive)
Patriot Viper DRAM RGB (HKLM\...\{1F9C282E-CCB4-4D8E-A5CB-7B74DFCD8C95}) (Version: 1.0.9.1 - Patriot Memory) Hidden
Patriot Viper DRAM RGB (HKLM-x32\...\{e38442c0-a433-48c2-84e2-51ac0b30c3ab}) (Version: 1.0.9.1 - Patriot Memory)
Patriot Viper M2 SSD RGB (HKLM\...\{8B4C0A3D-C135-4E1F-98D8-3926494B4D61}) (Version: 1.0.6.3 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM-x32\...\{8839fbd5-69f9-41c5-a1cf-cdfbec966d66}) (Version: 1.0.6.3 - Patriot Memory)
PDF24 Creator 10.0.7 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: 10.0.7 - PDF24.org)
PHISON HAL (HKLM\...\{966E33F0-6786-4B38-AA29-C1B3F6C1955D}) (Version: 1.0.6.0 - PHISON Electronics Corp.) Hidden
PHISON HAL (HKLM-x32\...\{c8f7044c-7f48-404a-9a5d-9f038f28a789}) (Version: 1.0.6.0 - PHISON Electronics Corp.) Hidden
PowerPoint (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
qBittorrent 4.3.3 (HKLM-x32\...\qBittorrent) (Version: 4.3.3 - The qBittorrent project)
RAGE Multiplayer (HKLM-x32\...\RAGE Multiplayer) (Version: 0.0.1.1 - )
RamCache III (HKLM-x32\...\RamCache III) (Version: 1.01.08 - ASUSTeKcomputer Inc)
Red Dead Redemption 2 (HKLM-x32\...\Red Dead Redemption 2) (Version: 1.0.1355.18 - Rockstar Games)
REDlauncher (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version:  - GOG.com)
RetroArch 1.9.0 (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\RetroArch) (Version: 1.9.0 - libretro)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.33.319 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.7.5 - Rockstar Games)
ROG Live Service (HKLM-x32\...\{2D87BFB6-C184-4A59-9BBE-3E20CE797631}) (Version: 1.1.16.0 - ASUSTek COMPUTER INC.)
Sandboxie 5.46.5 (64-bit) (HKLM\...\Sandboxie) (Version: 5.46.5 - sandboxie-plus.com)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.6 - TeamSpeak Systems GmbH)
The Alchemyst Tale version 0.9.2a (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\{ED583D84-DF75-4411-80DB-7FE5AD2F07F7}_is1) (Version: 0.9.2a - Night Games)
Twine 2.3.9 (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\09757d2a-5a16-578f-a64f-297ed0213ec0) (Version: 2.3.9 - Chris Klimas)
TyperSolver (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\TyperSolver) (Version: 2.1.2 - ProTypers)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 118.0.10358 - Ubisoft)
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
Universal Holtek RGB DRAM (HKLM\...\{826388E4-E31F-4514-948B-3BB954FB3EAF}) (Version: 1.0.0.1 - PD) Hidden
Universal Holtek RGB DRAM (HKLM-x32\...\{68fb2ff9-0618-4948-b68f-9f95e5687067}) (Version: 1.0.0.1 - PD)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{21928C37-911F-4FC7-936F-720AB8739C0E}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Visual Studio Community 2019 (HKLM-x32\...\00cf5edf) (Version: 16.8.30804.86 - Microsoft Corporation)
VS Immersive Activate Helper (HKLM-x32\...\{A71406B5-E487-4B01-8E59-D466841350F5}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{C7E8A4F2-EF09-42A8-B892-69D5ED99D965}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{B5E3A3E1-1529-4D5A-9E95-34971FA07825}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{78696386-A4B6-4F69-B558-2667CD3A579D}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{271F1F42-B547-4498-825F-590DBB1774F7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{30D97A69-3C0F-4552-9A72-60E591B210C7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{DEB11EB7-B61A-4883-8CB0-99013A4873AB}) (Version: 16.8.30608 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{A90E107F-D024-4EEC-A6F4-9E2858B4E506}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{E9439DB7-BF01-4820-8CB1-80957150AB86}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{8990F1B6-F880-4E73-A2D9-7A611F4C38A1}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{3C4B2ED3-2296-4203-A420-AC042BE8484D}) (Version: 16.8.30509 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{27B16914-BC5D-4018-8074-071262A27F6D}) (Version: 16.2.28917 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{08AF5DA9-F3BD-4B59-8D99-C47CC4D53CAD}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6013F369-D916-4C44-A79F-B1A35AEDAEBB}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{E1FD1D9D-0611-4DE5-826F-37FAC17706AC}) (Version: 16.8.30615 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_vswebprotocolselectormsi (HKLM-x32\...\{BEEB2E56-91DB-4AFB-AC88-8E98B18DD889}) (Version: 16.8.30509 - Microsoft Corporation) Hidden
vs_vswebprotocolselectormsires (HKLM-x32\...\{0F772F74-D1D4-4D63-B37D-FBBC3D9581C7}) (Version: 16.8.30509 - Microsoft Corporation) Hidden
War Thunder Launcher 1.0.3.260 (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Network)
WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK AN1500 (HKLM-x32\...\{9c94735f-73fd-4b0f-9ddb-8be7b3cc4681}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WeMod (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\WeMod) (Version: 6.3.12 - WeMod)
WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)
XAMPP (HKLM\...\xampp) (Version: 8.0.0-2 - Bitnami)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.5) (Version: 1.3.5 - Xvid Team)

Packages:
=========
ARMOURY CRATE -> C:\Program Files\WindowsApps\B9ECED6F.ArmouryCrate_3.3.7.0_x64__qmba6cd70vzyy [2021-01-21] (ASUSTeK COMPUTER INC.)
Bridge Constructor Portal -> C:\Program Files\WindowsApps\HeadupGames.BridgeConstructorPortal_5.0.173.2_x64__zedvb25zy7eke [2021-02-02] (Headup Games)
Control PCGP -> C:\Program Files\WindowsApps\505GAMESS.P.A.ControlPCGP_1.0.5.0_x64__tefn33qh9azfc [2021-01-22] (505 GAMES S.P.A.)
Kali Linux -> C:\Program Files\WindowsApps\KaliLinux.54290C8133FEE_1.6.0.0_x64__ey8k8hqnwqnmg [2021-01-15] (Kali Linux)
Microsoft Flight Simulator -> C:\Program Files\WindowsApps\Microsoft.FlightSimulator_1.12.13.0_x64__8wekyb3d8bbwe [2020-12-23] (Microsoft Studios)
Microsoft Flight Simulator Digital Ownership -> C:\Program Files\WindowsApps\Microsoft.DigitalOwnership_1.0.1.0_x64__8wekyb3d8bbwe [2020-12-11] (Microsoft Studios)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-01-30] (Microsoft Studios) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.36.4251.0_x64__8wekyb3d8bbwe [2021-01-26] (Microsoft Corporation) [Startup Task]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.21056.0_x64__8wekyb3d8bbwe [2021-01-21] (Microsoft Studios)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-01-21] (NVIDIA Corp.)
Python 3.9 -> C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.9_3.9.496.0_x64__qbz5n2kfra8p0 [2020-12-26] (Python Software Foundation)
Sea of Thieves -> C:\Program Files\WindowsApps\Microsoft.SeaofThieves_2.98.921.2_x64__8wekyb3d8bbwe [2021-01-30] (ms-resource:PublisherDisplayName)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0 [2021-01-30] (Spotify AB) [Startup Task]
Ubuntu -> C:\Program Files\WindowsApps\CanonicalGroupLimited.UbuntuonWindows_2004.2020.812.0_x64__79rhkp1fndgsc [2021-01-31] (Canonical Group Limited)
Word -> C:\Program Files\WindowsApps\word.office.com-CECA1A7F_1.0.0.0_neutral__jc2kecmnkxwqc [2021-02-01] (word.office.com)
XING -> C:\Program Files\WindowsApps\XINGAG.XING_4.0.7.0_x86__xpfg3f7e9an52 [2021-01-21] (New Work SE)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-12-10] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-12-10] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-02] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a51067c0ac557884\nvshext.dll [2020-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-02] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\system32\xvidvfw.dll [251392 2017-12-08] () [File not signed]
HKLM\...\Drivers32: [msacm.l3acm] => C:\Windows\SysWOW64\l3codecp.acm [189440 2019-12-07] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [235520 2017-12-08] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf
ShortcutWithArgument: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Anaconda Prompt (anaconda3).lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\Users\****\anaconda3\Scripts\activate.bat C:\Users\****\anaconda3
ShortcutWithArgument: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Anaconda Prompt (anaconda32).lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\Users\****\anaconda32\Scripts\activate.bat C:\Users\****\anaconda32
ShortcutWithArgument: C:\Users\****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\cf42999f6561ff23\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi --app-url=hxxps://word.office.com/

==================== Loaded Modules (Whitelisted) =============

2020-07-08 18:42 - 2020-07-08 18:42 - 000477696 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ffi-napi\prebuilds\win32-ia32\node.napi.node
2020-07-08 18:42 - 2020-07-08 18:42 - 000471040 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ref-napi\prebuilds\win32-ia32\node.napi.node
2020-07-14 18:16 - 2020-07-14 18:16 - 000454656 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\registry-js\prebuilds\win32-ia32\node.napi.node
2020-12-10 23:51 - 2020-01-08 13:33 - 000147456 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2020-12-11 00:03 - 2020-02-11 16:02 - 000884224 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2020-12-11 00:03 - 2020-02-11 16:02 - 000999936 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2020-12-11 00:03 - 2020-02-11 16:02 - 000987648 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2020-12-11 00:03 - 2020-02-11 16:02 - 000950784 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2020-12-11 00:03 - 2020-02-20 10:02 - 001063424 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\FanInfofromProtocol.dll
2020-12-10 23:51 - 2020-03-31 10:32 - 001164800 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2020-12-10 23:51 - 2020-03-31 10:31 - 005844612 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzULIB.dll
2020-12-10 23:51 - 2019-05-13 17:44 - 000208896 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\ImageHelper.dll
2020-12-10 23:51 - 2019-05-13 17:44 - 000681984 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\UIImprovmentHelper.dll
2020-12-10 18:59 - 2019-12-23 19:51 - 000093184 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\zlibwapi.dll
2020-04-22 16:35 - 2020-04-22 16:35 - 000081920 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\WindowID\WindowID.dll
2020-12-10 23:51 - 2020-02-11 16:02 - 006065152 _____ () [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.86\libprotobufd.dll
2020-12-10 23:51 - 2020-02-11 16:05 - 000069632 _____ () [File not signed] C:\Program Files (x86)\ASUS\VGA COM\2.00.05\Exeio.dll
2020-11-23 18:42 - 2020-11-23 18:42 - 000356352 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ActionsConverters.dll
2020-11-23 18:04 - 2020-11-23 18:04 - 000759808 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LegacyCommands.dll
2020-11-23 18:04 - 2020-11-23 18:04 - 000743936 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LegacyNotifications.dll
2020-11-23 18:03 - 2020-11-23 18:03 - 000658944 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\MobileProto.dll
2020-11-23 18:04 - 2020-11-23 18:04 - 000203776 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ModelHelpers.dll
2020-11-23 18:03 - 2020-11-23 18:03 - 000209408 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\quazip.dll
2020-11-23 18:02 - 2020-11-23 18:02 - 000101376 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\zlib.dll
2020-05-26 18:08 - 2020-05-26 18:08 - 002831360 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\LightingService\log4cxx.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsAcpi.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 000676864 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\asacpiEx.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsMultiLang.dll
2020-12-11 00:03 - 2020-02-11 16:02 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\AsMultiLang.dll
2020-12-10 18:59 - 2019-10-24 12:15 - 002676736 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\AURAChecker.dll
2021-01-26 21:44 - 2021-01-26 21:44 - 000684544 _____ (sandboxie-plus.com) [File not signed] C:\Program Files\Sandboxie\SbieDll.dll
2021-01-26 21:48 - 2021-01-26 21:48 - 000121344 _____ (sandboxie-plus.com) [File not signed] C:\Program Files\Sandboxie\SboxHostDll.dll
2020-10-21 10:59 - 2020-10-21 10:59 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\SiUSBXp.dll
2020-12-10 18:59 - 2019-06-26 17:07 - 003394560 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\libcrypto-1_1-x64.dll
2020-12-10 18:59 - 2019-06-26 17:07 - 000679424 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\libssl-1_1-x64.dll
2020-12-10 19:00 - 2020-05-14 16:15 - 003394560 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\libcrypto-1_1-x64.dll
2020-12-10 19:00 - 2020-05-14 16:15 - 000679424 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\libssl-1_1-x64.dll
2020-12-15 19:28 - 2020-12-15 19:28 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2020-12-15 19:28 - 2020-12-15 19:28 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2020-11-23 18:02 - 2020-11-23 18:02 - 002516992 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libcrypto-1_1.dll
2020-11-23 18:02 - 2020-11-23 18:02 - 000530944 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libssl-1_1.dll
2020-12-15 19:28 - 2020-12-15 19:28 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-01-27 20:17 - 2020-12-15 19:28 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-01-27 20:17 - 2020-12-15 19:28 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-01-27 20:17 - 2020-12-15 19:28 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-01-27 20:17 - 2020-12-15 19:28 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-01-27 20:17 - 2020-12-15 19:28 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-01-27 20:17 - 2020-12-15 19:28 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2020-12-10 23:51 - 2020-02-11 16:05 - 000362496 _____ (TODO: <Company name>) [File not signed] [File is in use] C:\Program Files (x86)\ASUS\VGA COM\2.00.05\AsusGpuTweak.dll
2020-12-10 18:59 - 2019-07-31 15:48 - 000072704 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Protocol\Interrupt\InterruptTransfer.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKU\S-1-5-21-629832801-3061168427-1117579530-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-01-11] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-01-11] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\ssv.dll [2020-12-10] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-12-10] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-11] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2021-01-24 10:14 - 000000273 _____ C:\Windows\system32\drivers\etc\hosts

192.168.0.194 host.docker.internal
192.168.0.194 gateway.docker.internal
127.0.0.1 kubernetes.docker.internal

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64_win\compiler;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\FAHClient;C:\Program Files\Git\cmd;C:\Program Files\nodejs\;C:\Program Files\dotnet\;C:\xampp\php;C:\composer;C:\Program Files\Docker\Docker\resources\bin;C:\ProgramData\DockerDesktop\version-bin
HKU\S-1-5-21-629832801-3061168427-1117579530-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\****\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\****-wallpaper.png
DNS Servers: 172.18.0.24 - 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Hamachi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
Ethernet 2: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "RamCache III "
HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7786DD0F-901A-45AA-AE81-45B7F72AA411}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (ASUSTeK Computer Inc. -> ASUS)
FirewallRules: [{F10D5C2E-C3F9-4448-B969-4095E26396E6}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe (ASUSTeK Computer Inc. -> ASUS)
FirewallRules: [{D3A95F79-C63F-44D1-9C8F-00D19B09A2CC}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
FirewallRules: [{474D76C7-C620-4D70-B4E1-CF116A2571A4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{1A2A2F1E-2F38-44E1-A11F-9BBE5CA5FA4E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3213FC6A-A6BD-4291-9525-1063D682644D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{19113434-D2A4-47D4-99F6-9BF78374FB44}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C0849312-FD2B-4BF5-ADA6-0F703CBD5A08}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7B7683A1-BA79-43A9-9988-82C0B0C105DE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{412B0D32-7ABD-4606-A9A0-A877DE3357B6}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{1995FB57-FD38-4F25-833D-4CD96B8DEF99}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{E9BCDA8E-A437-4074-903F-4F921C687CCC}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{84AC9DB7-30FC-4D2A-A13C-27F6DA69041D}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{BB4A39DA-6781-4442-869E-BC1B7F9E4A28}] => (Allow) D:\Steam\steamapps\common\3DMark\3DMarkLauncher.exe (FUTUREMARK INC -> Futuremark)
FirewallRules: [{00FD46F9-7C32-4C6E-A7A1-DC224C32C4B4}] => (Allow) D:\Steam\steamapps\common\3DMark\3DMarkLauncher.exe (FUTUREMARK INC -> Futuremark)
FirewallRules: [{831400C1-070D-4D5A-8421-22A3C024D9CF}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{336FD182-5415-43A4-8DFB-6C0F4B18B2B2}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{A55265F5-EE31-4421-A122-70F513EA914D}] => (Allow) D:\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [{499377E4-3773-44C1-82DD-D3684F211E50}] => (Allow) D:\Steam\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [TCP Query User{51C398C0-B335-4D53-B5A1-0BBD0E120918}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{A16DC63B-5F41-451B-ADB5-8EC54713DA13}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{9554AB16-9EB5-4FBE-AB6A-FF0DE4943E95}] => (Allow) D:\Steam\steamapps\common\ShareX\ShareX_Launcher.exe (ShareX Team) [File not signed]
FirewallRules: [{25C6BB4E-5AB3-4246-A1A8-8EC2741F136E}] => (Allow) D:\Steam\steamapps\common\ShareX\ShareX_Launcher.exe (ShareX Team) [File not signed]
FirewallRules: [TCP Query User{F9E2DB17-1EE1-40E9-A826-F3B9A92A010A}D:\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [UDP Query User{AFBBD0E6-565D-41E7-94FF-D12C364215CE}D:\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\steam\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [TCP Query User{D230BDB9-482A-410B-AC4E-1447E96645CA}C:\users\****\appdata\local\packages\b9eced6f.armourycrate_qmba6cd70vzyy\localstate\gridupdatefile\asusgcdriverupdateclient.exe] => (Allow) C:\users\****\appdata\local\packages\b9eced6f.armourycrate_qmba6cd70vzyy\localstate\gridupdatefile\asusgcdriverupdateclient.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FirewallRules: [UDP Query User{1F603E99-38C5-4350-AFE4-85B2B154BD38}C:\users\****\appdata\local\packages\b9eced6f.armourycrate_qmba6cd70vzyy\localstate\gridupdatefile\asusgcdriverupdateclient.exe] => (Allow) C:\users\****\appdata\local\packages\b9eced6f.armourycrate_qmba6cd70vzyy\localstate\gridupdatefile\asusgcdriverupdateclient.exe (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
FirewallRules: [{6A9D2A4E-2F28-4A2F-8219-D4233D0AAAE4}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{054648CF-7FE8-430A-BC67-CE3431597C9A}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{42165231-AF21-492D-A4F0-39B02FCA4D09}] => (Allow) D:\Steam\steamapps\common\Arma 3\arma3launcher.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive)
FirewallRules: [{282F9C6F-4A8B-4640-8F00-16C0481EE1C0}] => (Allow) D:\Steam\steamapps\common\Arma 3\arma3launcher.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive)
FirewallRules: [{7F9A4066-51C4-4E3D-8844-AE8F2C9343C1}] => (Allow) D:\Steam\steamapps\common\Hearts of Iron IV\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{C96188AD-7F9C-4230-92D8-B5CC4C6832B6}] => (Allow) D:\Steam\steamapps\common\Hearts of Iron IV\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [TCP Query User{94635BB5-A463-4037-A57C-1DF43CC4E909}D:\steam\steamapps\common\hearts of iron iv\hoi4.exe] => (Allow) D:\steam\steamapps\common\hearts of iron iv\hoi4.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [UDP Query User{CDB7843D-4FB1-4313-AA0B-DD9EA494E596}D:\steam\steamapps\common\hearts of iron iv\hoi4.exe] => (Allow) D:\steam\steamapps\common\hearts of iron iv\hoi4.exe (Paradox Interactive AB (publ) -> Paradox Interactive)
FirewallRules: [TCP Query User{E865A4D0-D228-42C2-9453-F18E35C50686}C:\program files (x86)\fahclient\fahclient.exe] => (Allow) C:\program files (x86)\fahclient\fahclient.exe () [File not signed]
FirewallRules: [UDP Query User{9BFC10C2-6200-4051-9563-588EAF38F5D5}C:\program files (x86)\fahclient\fahclient.exe] => (Allow) C:\program files (x86)\fahclient\fahclient.exe () [File not signed]
FirewallRules: [TCP Query User{95739962-7F64-4842-A9CD-08B68DF68D1E}C:\users\****\appdata\local\programs\opera gx\71.0.3770.456\opera.exe] => (Allow) C:\users\****\appdata\local\programs\opera gx\71.0.3770.456\opera.exe => No File
FirewallRules: [UDP Query User{51931B1C-BD0E-4879-9603-8F61EBEAAA20}C:\users\****\appdata\local\programs\opera gx\71.0.3770.456\opera.exe] => (Allow) C:\users\****\appdata\local\programs\opera gx\71.0.3770.456\opera.exe => No File
FirewallRules: [{406D285E-5DA8-4BAE-ABD0-F77FD572EEA8}] => (Allow) D:\Rockstar\Grand Theft Auto V\GTA5.exe => No File
FirewallRules: [{0CFA5555-0FCC-4404-9CDD-06E502AFCA3B}] => (Allow) D:\Rockstar\Grand Theft Auto V\GTA5.exe => No File
FirewallRules: [TCP Query User{166AD9F8-1415-498C-AE06-F35A2A742EEC}C:\users\****\onedrive\desktop\nanotek_full0.0.1.0 (1)\windowsnoeditor\nanotek\binaries\win64\nanotek.exe] => (Block) C:\users\****\onedrive\desktop\nanotek_full0.0.1.0 (1)\windowsnoeditor\nanotek\binaries\win64\nanotek.exe => No File
FirewallRules: [UDP Query User{5580287B-1474-4B39-BA59-92E7DD7A618C}C:\users\****\onedrive\desktop\nanotek_full0.0.1.0 (1)\windowsnoeditor\nanotek\binaries\win64\nanotek.exe] => (Block) C:\users\****\onedrive\desktop\nanotek_full0.0.1.0 (1)\windowsnoeditor\nanotek\binaries\win64\nanotek.exe => No File
FirewallRules: [{D70D9065-BE58-4813-B6A8-A73677EE5DAF}] => (Allow) D:\Steam\steamapps\common\Star Trek Online\Star Trek Online.exe (Cryptic Studios Inc. -> )
FirewallRules: [{D62F28AC-2F62-4DA5-9DE6-26172A0C3975}] => (Allow) D:\Steam\steamapps\common\Star Trek Online\Star Trek Online.exe (Cryptic Studios Inc. -> )
FirewallRules: [{22518677-D12D-4129-9868-4E9906270B95}] => (Allow) D:\Steam\steamapps\common\Europa Universalis IV\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{89E95977-8915-41DE-B595-3901B85E1B0C}] => (Allow) D:\Steam\steamapps\common\Europa Universalis IV\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{40F36952-9114-4C22-9DAD-94EB719F3D54}] => (Allow) D:\Steam\steamapps\common\ImperatorRome\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{3A3BF618-4960-4E62-9151-87C4CB8F633C}] => (Allow) D:\Steam\steamapps\common\ImperatorRome\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{3FA11582-1CC3-4929-9BB1-666DADC52E0D}] => (Allow) D:\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [{1FAF6E54-8FA0-4977-81A0-0C61670026C7}] => (Allow) D:\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [TCP Query User{94347F4B-493C-481E-BEDA-5E0FCDD86E93}D:\steam\steamapps\common\star trek online\star trek online\live\x64\gameclient.exe] => (Allow) D:\steam\steamapps\common\star trek online\star trek online\live\x64\gameclient.exe (Cryptic Studios Inc. -> )
FirewallRules: [UDP Query User{AE952A3F-F52E-4073-9FD5-ADB728359A47}D:\steam\steamapps\common\star trek online\star trek online\live\x64\gameclient.exe] => (Allow) D:\steam\steamapps\common\star trek online\star trek online\live\x64\gameclient.exe (Cryptic Studios Inc. -> )
FirewallRules: [{1245A28D-07DE-416A-81F6-8F82D03C15AB}] => (Allow) D:\Steam\steamapps\common\Mafia Definitive Edition\launcher.exe (2K Games) [File not signed]
FirewallRules: [{90A01042-0DBA-4BA6-9D2C-FFB9F74C87DA}] => (Allow) D:\Steam\steamapps\common\Mafia Definitive Edition\launcher.exe (2K Games) [File not signed]
FirewallRules: [TCP Query User{5A879F7D-F01A-44F1-899F-1688AD6E09E0}C:\users\****\onedrive\desktop\spiele\nanotek_full0.0.1.0 (1)\windowsnoeditor\nanotek\binaries\win64\nanotek.exe] => (Block) C:\users\****\onedrive\desktop\spiele\nanotek_full0.0.1.0 (1)\windowsnoeditor\nanotek\binaries\win64\nanotek.exe => No File
FirewallRules: [UDP Query User{1FF7308B-6CD9-4699-8E6E-34D13FC334F9}C:\users\****\onedrive\desktop\spiele\nanotek_full0.0.1.0 (1)\windowsnoeditor\nanotek\binaries\win64\nanotek.exe] => (Block) C:\users\****\onedrive\desktop\spiele\nanotek_full0.0.1.0 (1)\windowsnoeditor\nanotek\binaries\win64\nanotek.exe => No File
FirewallRules: [TCP Query User{1AD4DB97-1BD4-46CD-89D8-B27E0D2A7413}C:\users\****\appdata\local\overwolf\extensions\cmogmmciplgmocnhikmphehmeecmpaggknkjlbag\1.0.11\jdk-11.0.8+10-jre\bin\java.exe] => (Allow) C:\users\****\appdata\local\overwolf\extensions\cmogmmciplgmocnhikmphehmeecmpaggknkjlbag\1.0.11\jdk-11.0.8+10-jre\bin\java.exe
FirewallRules: [UDP Query User{A070B82E-1D43-464E-AC83-15514DF493C6}C:\users\****\appdata\local\overwolf\extensions\cmogmmciplgmocnhikmphehmeecmpaggknkjlbag\1.0.11\jdk-11.0.8+10-jre\bin\java.exe] => (Allow) C:\users\****\appdata\local\overwolf\extensions\cmogmmciplgmocnhikmphehmeecmpaggknkjlbag\1.0.11\jdk-11.0.8+10-jre\bin\java.exe
FirewallRules: [TCP Query User{1A22BDD7-28D4-47E1-A81B-1E2B4F802F71}C:\users\****\appdata\local\.ftba\bin\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\users\****\appdata\local\.ftba\bin\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{303BB5BC-A377-4787-8499-E847DF78BA1C}C:\users\****\appdata\local\.ftba\bin\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\users\****\appdata\local\.ftba\bin\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{9592B8B5-A223-43B8-B8E7-D5BCC4AAC381}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{332CB269-CFEF-4435-B54B-83BD0B99079D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{624D2D14-49E5-4AE3-A490-06120B845E01}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{69D8FC93-AF16-4B9F-9A84-94C2F7C1A653}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{84732AD0-A17E-4817-8DD3-D6D9B3CF8F23}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe (Electronic Sports Network i Sverige AB -> ESN Social Software AB)
FirewallRules: [{5D90172E-8199-4B9F-809B-759830BBEEBA}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe (Electronic Sports Network i Sverige AB -> ESN Social Software AB)
FirewallRules: [{3C7BBC2C-CF43-4FB4-B749-FF37B74D0619}] => (Allow) D:\Origin\Battlefield 4\BFLauncher.exe (Electronic Arts -> EA Digital Illusions CE AB)
FirewallRules: [{0E0FCC45-A427-44FC-8466-17EC8629B934}] => (Allow) D:\Origin\Battlefield 4\BFLauncher.exe (Electronic Arts -> EA Digital Illusions CE AB)
FirewallRules: [{AA8B6ABA-05C6-4374-8412-549E1E725838}] => (Allow) D:\Origin\Battlefield 4\BFLauncher_x86.exe (Electronic Arts -> EA Digital Illusions CE AB)
FirewallRules: [{C95A0B3A-B8C0-48CE-BAEF-C744073EE960}] => (Allow) D:\Origin\Battlefield 4\BFLauncher_x86.exe (Electronic Arts -> EA Digital Illusions CE AB)
FirewallRules: [TCP Query User{EA2880DA-29EB-4903-9F97-A37B51DEEC98}D:\origin\battlefield 4\bf4.exe] => (Allow) D:\origin\battlefield 4\bf4.exe (Electronic Arts -> EA Digital Illusions CE AB)
FirewallRules: [UDP Query User{6EFE9B51-5A34-48C3-A2BA-D30DFD1B0851}D:\origin\battlefield 4\bf4.exe] => (Allow) D:\origin\battlefield 4\bf4.exe (Electronic Arts -> EA Digital Illusions CE AB)
FirewallRules: [TCP Query User{A7EA33A7-03A5-435E-BB94-8EDF1E53A516}D:\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) D:\steam\steamapps\common\arma 3\arma3_x64.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive)
FirewallRules: [UDP Query User{7A550BA4-690D-4407-8521-3F3F73EECB8E}D:\steam\steamapps\common\arma 3\arma3_x64.exe] => (Allow) D:\steam\steamapps\common\arma 3\arma3_x64.exe (BOHEMIA INTERACTIVE a.s. -> Bohemia Interactive)
FirewallRules: [{7F306528-E40A-445B-A96B-0368BAB831FA}] => (Allow) D:\Steam\steamapps\common\sandstorm\InsurgencyEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{0E291CBA-3687-4FBC-9227-1EDB8E4C2C5B}] => (Allow) D:\Steam\steamapps\common\sandstorm\InsurgencyEAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [TCP Query User{9E11AFDD-DD24-42E0-90BA-61DBE2073B0D}C:\ragemp\server-files\ragemp-server.exe] => (Allow) C:\ragemp\server-files\ragemp-server.exe () [File not signed]
FirewallRules: [UDP Query User{0C2DB987-86DE-4665-AFB5-DD1CB430C565}C:\ragemp\server-files\ragemp-server.exe] => (Allow) C:\ragemp\server-files\ragemp-server.exe () [File not signed]
FirewallRules: [{5F1BF152-9703-4BF6-8F57-24E095A38B9A}] => (Allow) D:\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe () [File not signed]
FirewallRules: [{3C4D73EE-C904-4A5B-B5C8-6D72E2EE2F51}] => (Allow) D:\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe () [File not signed]
FirewallRules: [{A780C78D-BFF2-4396-A087-B2D69D114B55}] => (Allow) D:\Steam\steamapps\common\PAYDAY 2\payday2_win32_release_vr.exe () [File not signed]
FirewallRules: [{09827B56-1359-48A0-BF24-58D23790F53A}] => (Allow) D:\Steam\steamapps\common\PAYDAY 2\payday2_win32_release_vr.exe () [File not signed]
FirewallRules: [{3CAA5F39-A6F6-4103-B307-870DB52C6AB4}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{D21C719B-10B8-4778-9D1A-3009B38F1086}] => (Allow) C:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{9B29F212-0056-4E1B-9110-88C2C86B612C}] => (Allow) D:\Steam\steamapps\common\sandstorm\Insurgency.exe (New World Interactive LLC -> Epic Games, Inc.)
FirewallRules: [{153268C0-40E1-4F80-BFAA-EB5CCF5322BA}] => (Allow) D:\Steam\steamapps\common\sandstorm\Insurgency.exe (New World Interactive LLC -> Epic Games, Inc.)
FirewallRules: [{D24A86A9-8D24-48ED-9919-548103CF5063}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{345D5BF1-2A21-4EB0-857F-DD4FD7101D8C}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [TCP Query User{DCE16A07-30E9-4C74-8204-084CB569A4DD}C:\users\****\appdata\local\overwolf\extensions\cmogmmciplgmocnhikmphehmeecmpaggknkjlbag\1.0.12\jdk-11.0.8+10-jre\bin\java.exe] => (Allow) C:\users\****\appdata\local\overwolf\extensions\cmogmmciplgmocnhikmphehmeecmpaggknkjlbag\1.0.12\jdk-11.0.8+10-jre\bin\java.exe
FirewallRules: [UDP Query User{9AD0786B-892A-4147-AF69-F7100FD0A106}C:\users\****\appdata\local\overwolf\extensions\cmogmmciplgmocnhikmphehmeecmpaggknkjlbag\1.0.12\jdk-11.0.8+10-jre\bin\java.exe] => (Allow) C:\users\****\appdata\local\overwolf\extensions\cmogmmciplgmocnhikmphehmeecmpaggknkjlbag\1.0.12\jdk-11.0.8+10-jre\bin\java.exe
FirewallRules: [TCP Query User{966CEF76-64C6-4F3A-9E60-8C76FDC55AFB}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [UDP Query User{13735AF7-D183-4194-B491-6485B2A076A3}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [TCP Query User{E7661DDB-CD0A-4087-8168-FC912425AAEC}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [UDP Query User{D94B103C-36AE-4A63-9F93-5C4E9174CFD0}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [{8D43245A-C887-44DB-A1C2-13EE5C3CE5A4}] => (Allow) D:\Steam\steamapps\common\MK10\Binaries\Retail\MK10.exe () [File not signed]
FirewallRules: [{797BBE4A-FEFA-456D-BE06-B8267842454F}] => (Allow) D:\Steam\steamapps\common\MK10\Binaries\Retail\MK10.exe () [File not signed]
FirewallRules: [{371BE193-E022-433E-A5D3-27FBA109BE71}] => (Allow) D:\Steam\steamapps\common\MK10\Binaries\Retail\MKXLauncher.exe () [File not signed]
FirewallRules: [{C418BA58-2C79-43E7-9D4B-2FEDBAD6DEE9}] => (Allow) D:\Steam\steamapps\common\MK10\Binaries\Retail\MKXLauncher.exe () [File not signed]
FirewallRules: [{F6A83E72-3170-4370-99DB-B0DB481FA27F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A1232AA7-ED53-498F-8022-EE56693B66A7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4B80CBDC-97FB-486E-9D31-5C9EFCD67AD4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C89FE7B5-298C-4AC2-83C0-5F1448886F30}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B33A1487-0CAB-45FE-A39E-0882CC2E481A}] => (Allow) D:\Steam\steamapps\common\Power & Revolution 2019 Edition\_start.exe (Eversim -> )
FirewallRules: [{C8AE3775-02FA-47BF-8ABD-66014FC6294D}] => (Allow) D:\Steam\steamapps\common\Power & Revolution 2019 Edition\_start.exe (Eversim -> )
FirewallRules: [TCP Query User{28AC1266-FB3F-4D6B-921F-FC2BBA356A5A}C:\users\****\appdata\local\programs\microsoft vs code\code.exe] => (Allow) C:\users\****\appdata\local\programs\microsoft vs code\code.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{B0844071-20B1-4DDF-90C6-FC0AB5D05B33}C:\users\****\appdata\local\programs\microsoft vs code\code.exe] => (Allow) C:\users\****\appdata\local\programs\microsoft vs code\code.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2F52CA12-41E9-482C-B931-D309A66B9FE8}] => (Allow) D:\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe (Koch Media GmbH) [File not signed]
FirewallRules: [{1978891A-89B8-4010-B707-DFBB77E438EF}] => (Allow) D:\Steam\steamapps\common\Saints Row IV\SaintsRowIV.exe (Koch Media GmbH) [File not signed]
FirewallRules: [{F5035D1D-FD1F-4B29-A690-3A4422EDF8A5}] => (Allow) D:\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed]
FirewallRules: [{21FA39B0-BD4B-41D5-AA28-2854ABEEB6D5}] => (Allow) D:\Steam\steamapps\common\RimWorld\RimWorldWin64.exe () [File not signed]
FirewallRules: [{85688EF7-68C5-49FB-8263-77FA3F8FCB3E}] => (Allow) D:\BsgLauncher\BsgLauncher.exe (Battlestate Games Ltd -> Battlestate Games)
FirewallRules: [{DF96DE28-DF88-4EC0-A3A0-8EAB38A053BE}] => (Allow) D:\BsgLauncher\BsgLauncher.exe (Battlestate Games Ltd -> Battlestate Games)
FirewallRules: [{7809E508-9246-4A22-8E23-223A3AAC814C}] => (Allow) D:\Steam\steamapps\common\Sherlock Holmes - Crimes and Punishments\Binaries\Win32\Sherlock.exe (Frogwares, Inc.) [File not signed]
FirewallRules: [{A14B39F2-4D15-4E12-A62C-1953BEBD413D}] => (Allow) D:\Steam\steamapps\common\Sherlock Holmes - Crimes and Punishments\Binaries\Win32\Sherlock.exe (Frogwares, Inc.) [File not signed]
FirewallRules: [TCP Query User{C102D219-355A-448A-9234-827CBD0BE4B2}C:\users\****\appdata\local\programs\opera gx\72.0.3815.459\opera.exe] => (Allow) C:\users\****\appdata\local\programs\opera gx\72.0.3815.459\opera.exe => No File
FirewallRules: [UDP Query User{CDBE280C-CF6F-4564-A0C6-15AEFBE04BE2}C:\users\****\appdata\local\programs\opera gx\72.0.3815.459\opera.exe] => (Allow) C:\users\****\appdata\local\programs\opera gx\72.0.3815.459\opera.exe => No File
FirewallRules: [{B4846605-08DC-4BFE-B0FC-76805D0418E3}] => (Allow) D:\Steam\steamapps\common\GarrysMod\hl2.exe () [File not signed]
FirewallRules: [{4CB9E398-D92D-48F9-9609-91930FF8F0D6}] => (Allow) D:\Steam\steamapps\common\GarrysMod\hl2.exe () [File not signed]
FirewallRules: [{C5582861-2B08-44C9-A37B-99D1D0210B29}] => (Allow) D:\Steam\steamapps\common\SCP Secret Laboratory\SCPSL.exe (Hubert Moszka Northwood -> )
FirewallRules: [{D723BE69-5D29-4512-B5E1-3E4F0C9C6E38}] => (Allow) D:\Steam\steamapps\common\SCP Secret Laboratory\SCPSL.exe (Hubert Moszka Northwood -> )
FirewallRules: [{EA5547FF-0ADC-4FD2-98C2-61D977414CBE}] => (Allow) D:\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed]
FirewallRules: [{B97A796C-0AB0-450C-B139-4EE907D740E2}] => (Allow) D:\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed]
FirewallRules: [{3692566E-2E64-496D-B9D1-66BDE7235CF7}] => (Allow) D:\Steam\steamapps\common\BeamNG.drive\BeamNG.drive.exe (BeamNG GmbH) [File not signed]
FirewallRules: [{FEEF6682-6CE5-4E29-BAE0-AAA83F893855}] => (Allow) D:\Steam\steamapps\common\BeamNG.drive\BeamNG.drive.exe (BeamNG GmbH) [File not signed]
FirewallRules: [{59AD863D-ABA4-485B-9556-CC5E8415DAE3}] => (Allow) D:\Steam\steamapps\common\Squad\squad_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{AC2654B1-6C22-453F-8D0A-D52F6824813B}] => (Allow) D:\Steam\steamapps\common\Squad\squad_launcher.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{8CFCBF1F-0A9C-44DF-82A3-3BA19FF53858}] => (Allow) D:\Steam\steamapps\common\Stormworks\stormworks64.exe () [File not signed]
FirewallRules: [{9FA6DCB8-2046-43C1-B0E2-B571D59FC31B}] => (Allow) D:\Steam\steamapps\common\Stormworks\stormworks64.exe () [File not signed]
FirewallRules: [{8FFEE9D6-F4EF-49EB-B8B7-B51B684D9963}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3EFB3A07-6D04-4113-89A7-C063BC077B32}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FE0FBA9A-CC97-454F-A9F0-4919A2DBE44A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3C351192-3414-4215-93DC-63472BF382DB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3D0CEEC3-1CB2-437D-8785-DF63E6211CDF}] => (Allow) D:\Steam\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{2EEE3475-9418-4721-A0BF-5D302F7CB649}] => (Allow) D:\Steam\steamapps\common\Stellaris\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{8EBF74FD-8D9A-493B-A786-0EFF3549C4FB}] => (Allow) D:\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{BB141690-CC14-46E1-83C0-33AC4262082E}] => (Allow) D:\Steam\steamapps\common\Crusader Kings III\launcher\dowser.exe (Paradox Interactive AB (publ) -> )
FirewallRules: [{DDC91E8E-A45E-4243-8479-8B2BC3F4368A}] => (Allow) D:\Steam\steamapps\common\Galimulator\galimulator-windows-64bit.exe () [File not signed]
FirewallRules: [{6049F9CC-1032-485C-87C8-F2EC324710FB}] => (Allow) D:\Steam\steamapps\common\Galimulator\galimulator-windows-64bit.exe () [File not signed]
FirewallRules: [{1A4F1C4E-72AA-4241-9CA7-AE3981D99224}] => (Allow) D:\Steam\steamapps\common\I Am Your President Prologue\I Am Your President Prologue.exe () [File not signed]
FirewallRules: [{7249E6E2-275F-4B48-8DE5-82032814C5DF}] => (Allow) D:\Steam\steamapps\common\I Am Your President Prologue\I Am Your President Prologue.exe () [File not signed]
FirewallRules: [{9B7EF771-D034-46AD-BE5C-4AE09A02B49E}] => (Allow) D:\Steam\steamapps\common\Command - Modern Operations\Launcher.exe (Slitherine Software UK Limited -> Slitherine Ltd.)
FirewallRules: [{E8E09B16-488A-4271-A1E9-07B31CE1752C}] => (Allow) D:\Steam\steamapps\common\Command - Modern Operations\Launcher.exe (Slitherine Software UK Limited -> Slitherine Ltd.)
FirewallRules: [{206BFC6D-1B37-46D4-86A6-3FF0C054B6AD}] => (Allow) D:\Steam\steamapps\common\Elite Dangerous\EDLaunch.exe (Frontier Developments Plc -> Frontier Developments)
FirewallRules: [{ED3C82DD-DEAB-42C9-BEAA-2A2D64ADEFCA}] => (Allow) D:\Steam\steamapps\common\Elite Dangerous\EDLaunch.exe (Frontier Developments Plc -> Frontier Developments)
FirewallRules: [{20A8D4AF-45C3-4CA3-9293-114BE875352E}] => (Allow) D:\Steam\steamapps\common\DCSWorld\bin\DCS.exe (Eagle Dynamics) [File not signed]
FirewallRules: [{A7AB282D-DF36-46AF-80E2-F291AED14406}] => (Allow) D:\Steam\steamapps\common\DCSWorld\bin\DCS.exe (Eagle Dynamics) [File not signed]
FirewallRules: [{4DD0A5A4-940D-40BB-95B3-FFD09645BC07}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{6BA58C74-E3BD-4D9C-81FA-D4920989184C}D:\steam\steamapps\common\beamng.drive\bin64\beamng.drive.x64.exe] => (Allow) D:\steam\steamapps\common\beamng.drive\bin64\beamng.drive.x64.exe (BeamNG GmbH) [File not signed]
FirewallRules: [UDP Query User{847DF0BD-CED7-45EA-B078-9072BD20BCEE}D:\steam\steamapps\common\beamng.drive\bin64\beamng.drive.x64.exe] => (Allow) D:\steam\steamapps\common\beamng.drive\bin64\beamng.drive.x64.exe (BeamNG GmbH) [File not signed]
FirewallRules: [TCP Query User{8BD13A21-C5B7-453B-915F-3867ECAD2632}C:\users\****\appdata\roaming\beammp launcher\beammp-launcher.exe] => (Allow) C:\users\****\appdata\roaming\beammp launcher\beammp-launcher.exe (BeamMP Mod Team -> BeamMP Mod Team) [File not signed]
FirewallRules: [UDP Query User{97BE7F60-9BD0-466C-BD35-EA8F1ADFAB99}C:\users\****\appdata\roaming\beammp launcher\beammp-launcher.exe] => (Allow) C:\users\****\appdata\roaming\beammp launcher\beammp-launcher.exe (BeamMP Mod Team -> BeamMP Mod Team) [File not signed]
FirewallRules: [{24EA48E0-8C9E-4BAF-ACE5-6D171A204D15}] => (Allow) D:\Steam\steamapps\common\X4 Foundations\X4.exe (EGOSOFT GmbH) [File not signed]
FirewallRules: [{34E06D68-F5CB-4DFF-97D9-BCEEB7CE0E61}] => (Allow) D:\Steam\steamapps\common\X4 Foundations\X4.exe (EGOSOFT GmbH) [File not signed]
FirewallRules: [{4242AF25-D681-487A-990C-9F0C50579C66}] => (Allow) D:\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{5FF49F82-0628-47B6-82B1-519EB06E0B41}] => (Allow) D:\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [TCP Query User{9D5F1208-E85D-441C-98E7-FD15D38062B1}C:\program files (x86)\amazon web services, inc\amazon workspaces\workspaces.exe] => (Allow) C:\program files (x86)\amazon web services, inc\amazon workspaces\workspaces.exe (Amazon.com Services LLC -> workspaces)
FirewallRules: [UDP Query User{1A182303-BC64-457C-BB25-5434706C3D80}C:\program files (x86)\amazon web services, inc\amazon workspaces\workspaces.exe] => (Allow) C:\program files (x86)\amazon web services, inc\amazon workspaces\workspaces.exe (Amazon.com Services LLC -> workspaces)
FirewallRules: [TCP Query User{1E4E019F-631E-478E-82E0-0CF99A4F74CB}C:\users\****\appdata\local\programs\opera gx\72.0.3815.465\opera.exe] => (Allow) C:\users\****\appdata\local\programs\opera gx\72.0.3815.465\opera.exe => No File
FirewallRules: [UDP Query User{93437765-8BD6-4187-BD02-DB5BFD8E92C0}C:\users\****\appdata\local\programs\opera gx\72.0.3815.465\opera.exe] => (Allow) C:\users\****\appdata\local\programs\opera gx\72.0.3815.465\opera.exe => No File
FirewallRules: [TCP Query User{9E808824-FC73-4727-B494-FBACC1228DE5}D:\rockstar\red dead redemption 2\rdr2.exe] => (Allow) D:\rockstar\red dead redemption 2\rdr2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{DEC69C25-F3BF-4FB2-A427-3E474029A2B7}D:\rockstar\red dead redemption 2\rdr2.exe] => (Allow) D:\rockstar\red dead redemption 2\rdr2.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{F966FB8B-4743-4027-8C9D-1FFAEE885B4D}C:\users\****\appdata\local\temp\rar$exa29036.626\eveefangamepackage2\windowsnoeditor\engine\binaries\win64\ue4game.exe] => (Block) C:\users\****\appdata\local\temp\rar$exa29036.626\eveefangamepackage2\windowsnoeditor\engine\binaries\win64\ue4game.exe => No File
FirewallRules: [UDP Query User{19E9AC38-4DF3-4A7E-95A8-8640ED6D471A}C:\users\****\appdata\local\temp\rar$exa29036.626\eveefangamepackage2\windowsnoeditor\engine\binaries\win64\ue4game.exe] => (Block) C:\users\****\appdata\local\temp\rar$exa29036.626\eveefangamepackage2\windowsnoeditor\engine\binaries\win64\ue4game.exe => No File
FirewallRules: [{C92232C7-777A-41EC-8CE2-F898809484C1}] => (Allow) D:\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe (Relic Entertainment, Inc -> Relic Entertainment Inc.)
FirewallRules: [{B49BC408-60AD-442C-BBEA-302EE9D1C3D3}] => (Allow) D:\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe (Relic Entertainment, Inc -> Relic Entertainment Inc.)
FirewallRules: [{34822F08-29B8-4996-B9E2-4EDEA3D12E3F}] => (Allow) D:\Steam\steamapps\common\Men of War Assault Squad 2\mowas_2.exe (Digitalmindsoft) [File not signed]
FirewallRules: [{2257886E-413D-4371-AC19-DD2305B376ED}] => (Allow) D:\Steam\steamapps\common\Men of War Assault Squad 2\mowas_2.exe (Digitalmindsoft) [File not signed]
FirewallRules: [{603F4D89-790A-40F6-AF78-5B944FFBFDC2}] => (Allow) D:\Steam\steamapps\common\Men of War Assault Squad 2\mowas_2_ed.exe (Digitalmindsoft) [File not signed]
FirewallRules: [{C894250D-0AF0-457D-BB84-F165A5852CBE}] => (Allow) D:\Steam\steamapps\common\Men of War Assault Squad 2\mowas_2_ed.exe (Digitalmindsoft) [File not signed]
FirewallRules: [{7151AD8A-D9F7-4112-BC27-7E1DC2F13391}] => (Allow) C:\Program Files (x86)\Overwolf\0.162.0.13\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{A624A33C-D72D-48DB-90A5-06C4930767D9}] => (Allow) C:\Program Files (x86)\Overwolf\0.162.0.13\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{30B2A513-ABFA-42C0-9DC7-E6210E92BBEF}] => (Block) C:\Program Files (x86)\Overwolf\0.162.0.13\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{0CE0E98F-0DFB-4804-873E-4D1D8B1E6A60}] => (Block) C:\Program Files (x86)\Overwolf\0.162.0.13\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{04BCA418-C4E9-4793-9E19-DC3FA16798AF}] => (Allow) D:\Steam\steamapps\common\Universe Sandbox 2\Universe Sandbox x64.exe () [File not signed]
FirewallRules: [{86AD0881-AD66-4A94-B0C9-7032C2066ECD}] => (Allow) D:\Steam\steamapps\common\Universe Sandbox 2\Universe Sandbox x64.exe () [File not signed]
FirewallRules: [{09035372-09CC-4124-AFD4-286B534CE8E8}] => (Allow) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.)
FirewallRules: [{BA7621F0-36DF-4FDF-B97F-FD952DEAFB4A}] => (Allow) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.)
FirewallRules: [{3B1BA7BD-24E1-4092-89A1-55F83503A4E4}] => (Allow) D:\Steam\steamapps\common\War Thunder\launcher.exe (Gaijin Network LTD -> Gaijin)
FirewallRules: [{29C571B8-4048-4B6B-ABF1-5160425EB580}] => (Allow) D:\Steam\steamapps\common\War Thunder\launcher.exe (Gaijin Network LTD -> Gaijin)
FirewallRules: [{94C83A05-0D5A-465C-98EE-2E3EC6669924}] => (Allow) D:\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [File not signed]
FirewallRules: [{EE584920-A999-4E50-BB70-61FA9C46B91A}] => (Allow) D:\Steam\steamapps\common\Mount & Blade II Bannerlord\bin\Win64_Shipping_Client\TaleWorlds.MountAndBlade.Launcher.exe (TaleWorlds Entertainment -> TaleWorlds Entertainment) [File not signed]
FirewallRules: [{723699F8-837D-445D-A7C5-1FB2331C0B58}] => (Allow) D:\Steam\steamapps\common\Forts\Forts.exe (EarthWork Games Pty Ltd -> )
FirewallRules: [{0E7D230F-5C92-4C27-886E-93440E60580C}] => (Allow) D:\Steam\steamapps\common\Forts\Forts.exe (EarthWork Games Pty Ltd -> )
FirewallRules: [TCP Query User{68BEA085-2FB6-41BE-B585-2CAB29E58A96}C:\users\****\appdata\local\programs\opera gx\72.0.3815.473\opera.exe] => (Block) C:\users\****\appdata\local\programs\opera gx\72.0.3815.473\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{6BB373BE-D811-453F-8A9E-0632058D00F9}C:\users\****\appdata\local\programs\opera gx\72.0.3815.473\opera.exe] => (Block) C:\users\****\appdata\local\programs\opera gx\72.0.3815.473\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{C52C4944-1ECF-4C90-BA65-B9CCEBCB66B9}D:\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) D:\steam\steamapps\common\war thunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [UDP Query User{A9212FFD-DD7C-4344-8F79-98B96D490422}D:\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) D:\steam\steamapps\common\war thunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [{0EDF318D-05E6-4776-A6B6-B536B1ED799A}] => (Allow) D:\Steam\steamapps\common\Eve Online\eve.exe (CCP ehf -> )
FirewallRules: [{7B8A7DFF-51F3-4D57-8E71-DFB77E7EAC40}] => (Allow) D:\Steam\steamapps\common\Eve Online\eve.exe (CCP ehf -> )
FirewallRules: [{30725E42-5266-49F2-B8C7-69B4B051D454}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{512F6FFA-BF16-4D30-81E6-8494940E2B71}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{C5E7DB74-9F53-42FA-AFB0-44F7A21EEEF1}] => (Allow) D:\Steam\steamapps\common\World of Warships\WorldOfWarships.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{3F01911F-2A5F-4190-A4FF-4BE6EC357D9C}] => (Allow) D:\Steam\steamapps\common\World of Warships\WorldOfWarships.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{6E7ECF0B-4187-4B6F-A70D-2BF6ECF64A71}] => (Allow) D:\Steam\steamapps\common\CookingSimulator\CookingSim.exe () [File not signed]
FirewallRules: [{BA979165-556B-4B62-88AE-EA899C0AF410}] => (Allow) D:\Steam\steamapps\common\CookingSimulator\CookingSim.exe () [File not signed]
FirewallRules: [{FE9FB094-8CBF-4CFF-AE6A-8D79A69CA5C3}] => (Allow) D:\Steam\steamapps\common\Mr. Prepper Demo\MrPrepperDemo.exe () [File not signed]
FirewallRules: [{117D89A2-A4EE-4540-8417-EE9B657EEC69}] => (Allow) D:\Steam\steamapps\common\Mr. Prepper Demo\MrPrepperDemo.exe () [File not signed]
FirewallRules: [{86B8C81B-93D6-406F-BACB-5E1F15A1C265}] => (Allow) D:\Steam\steamapps\common\Train Station Renovation Demo\TrainStationRenovation.exe () [File not signed]
FirewallRules: [{FE8E0FB0-3D96-480B-A00F-2A8325852047}] => (Allow) D:\Steam\steamapps\common\Train Station Renovation Demo\TrainStationRenovation.exe () [File not signed]
FirewallRules: [{9BFC84D0-50C5-4B64-8795-0E7591EAF8FC}] => (Allow) D:\Steam\steamapps\common\POWER\POWER.exe (Jia Hao) [File not signed]
FirewallRules: [{6FC9F053-815A-4283-AADF-FE324AB27381}] => (Allow) D:\Steam\steamapps\common\POWER\POWER.exe (Jia Hao) [File not signed]
FirewallRules: [{BF004823-BE87-46DB-8C81-07922F8BDE75}] => (Allow) D:\Steam\steamapps\common\SCP Escape Together\SCP_ET.exe () [File not signed]
FirewallRules: [{57176285-680F-492B-91D2-509648A8A46F}] => (Allow) D:\Steam\steamapps\common\SCP Escape Together\SCP_ET.exe () [File not signed]
FirewallRules: [{71673450-8B16-45DA-9763-E26728363E9C}] => (Allow) D:\Steam\steamapps\common\Mr. Prepper Prologue\MrPrepperPrologue.exe () [File not signed]
FirewallRules: [{C989F6E4-39EC-43D9-9F37-140A96529AFB}] => (Allow) D:\Steam\steamapps\common\Mr. Prepper Prologue\MrPrepperPrologue.exe () [File not signed]
FirewallRules: [{B21726FF-231E-44A2-B9B6-55C6BA648CA1}] => (Allow) D:\Assassin's Creed IV Black Flag\AC4BFSP.exe (Ubisoft Entertainment -> )
FirewallRules: [{59549946-5754-45FB-BE74-5087241ADA9D}] => (Allow) D:\Assassin's Creed IV Black Flag\AC4BFSP.exe (Ubisoft Entertainment -> )
FirewallRules: [{2FB6E3F8-E3C2-4367-8C83-1EFB5851268D}] => (Allow) D:\Assassin's Creed IV Black Flag\AC4BFMP.exe (Ubisoft Entertainment SA -> )
FirewallRules: [{3FF39816-0320-492C-A24D-F80676342442}] => (Allow) D:\Assassin's Creed IV Black Flag\AC4BFMP.exe (Ubisoft Entertainment SA -> )
FirewallRules: [{0A76F963-81D6-42AF-82DD-C1C76B267A06}] => (Allow) D:\Assassin's Creed Origins\ACOrigins_plus.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{5EB552C0-672F-462D-A1E5-9A01B8D012D5}] => (Allow) D:\Assassin's Creed Origins\ACOrigins_plus.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{AB832C05-2E69-4500-87A2-9A993078E26C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{ACD1A008-E0D5-40EE-ADBF-D42FA2CBB4AF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{864F31BC-D827-4D25-A290-013E017B2728}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F70643DB-802C-4D16-A8F1-7AC3B9DB1211}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D0823587-D208-43D5-8013-E737B718C06F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{13DC820E-BF38-4DA2-BD82-10EC91E4AE0E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E2A9D566-1CB3-49ED-8457-9B9A541979EC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E192947C-8C71-48F6-BCA2-5DE598965020}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C44B6CA5-CB22-4698-99B5-B0C116792D3C}] => (Allow) D:\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe (FUTUREMARK INC -> )
FirewallRules: [{87E156FC-1608-4010-BF4F-6218120B8FB5}] => (Allow) D:\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe (FUTUREMARK INC -> )
FirewallRules: [{90C041FB-C1F8-4C0F-879A-2EBA2D84C9B8}] => (Allow) D:\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe (FUTUREMARK INC -> )
FirewallRules: [{E2D247D8-8554-46B7-89D5-D244358EC266}] => (Allow) D:\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe (FUTUREMARK INC -> )
FirewallRules: [{1AF727B1-574D-4051-BEA4-6058882B6FFF}] => (Allow) D:\Steam\steamapps\common\Ultimate Epic Battle Simulator\UEBS.exe () [File not signed]
FirewallRules: [{C56077D3-6B41-4479-985C-BCA55F06C13B}] => (Allow) D:\Steam\steamapps\common\Ultimate Epic Battle Simulator\UEBS.exe () [File not signed]
FirewallRules: [TCP Query User{D48F0460-79D5-4D21-9B22-191357C01F53}C:\users\****\appdata\local\programs\opera gx\72.0.3815.487\opera.exe] => (Block) C:\users\****\appdata\local\programs\opera gx\72.0.3815.487\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{103AA09B-D17A-4344-A893-021B238448D2}C:\users\****\appdata\local\programs\opera gx\72.0.3815.487\opera.exe] => (Block) C:\users\****\appdata\local\programs\opera gx\72.0.3815.487\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{46B2C95A-FB7D-4F4C-8BBA-6B600A5E27BB}] => (Allow) D:\Steam\steamapps\common\Plane Mechanic Simulator\PMS_build.exe () [File not signed]
FirewallRules: [{2E880344-D27C-4DB3-A092-CF6E4C18AAA8}] => (Allow) D:\Steam\steamapps\common\Plane Mechanic Simulator\PMS_build.exe () [File not signed]
FirewallRules: [{FF0DB466-0ABC-4E40-8540-A8C0740FD70A}] => (Allow) D:\Steam\steamapps\common\Ryse Son of Rome\Bin64\Ryse.exe (Crytek GmbH) [File not signed]
FirewallRules: [{5FD56690-D163-455E-9516-543E32BD0423}] => (Allow) D:\Steam\steamapps\common\Ryse Son of Rome\Bin64\Ryse.exe (Crytek GmbH) [File not signed]

==================== Restore Points =========================

19-01-2021 20:24:25 Scheduled Checkpoint
21-01-2021 17:27:42 AURA Service
29-01-2021 15:25:44 DirectX wurde installiert

==================== Faulty Device Manager Devices ============

Name: PCI-Ver-/Entschlüsselungscontroller
Description: PCI-Ver-/Entschlüsselungscontroller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: LogMeIn Hamachi Virtual Ethernet Adapter
Description: LogMeIn Hamachi Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn Inc.
Service: Hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: PCI-Gerät
Description: PCI-Gerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI-Gerät
Description: PCI-Gerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================


Error: (02/02/2021 08:03:21 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: DESKTOP-GVB5PET)
Description: C:\Users\****\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalCacheMicrosoft.MicrosoftOfficeHub_8wekyb3d8bbwe-2147024809

Error: (02/02/2021 07:48:21 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: DESKTOP-GVB5PET)
Description: C:\Users\****\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalCacheMicrosoft.MicrosoftOfficeHub_8wekyb3d8bbwe-2147024809

Error: (02/02/2021 01:46:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wallpaper32.exe, Version: 1.0.0.0, Zeitstempel: 0x5fdea204
Name des fehlerhaften Moduls: nvwgf2um.dll, Version: 27.21.14.6089, Zeitstempel: 0x5fd40049
Ausnahmecode: 0xc0000005
Fehleroffset: 0x004f957c
ID des fehlerhaften Prozesses: 0x48d0
Startzeit der fehlerhaften Anwendung: 0x01d6f9590ac458df
Pfad der fehlerhaften Anwendung: D:\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a51067c0ac557884\nvwgf2um.dll
Berichtskennung: 195a8d5e-2f88-4c64-821d-4367a61252cc
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/01/2021 08:39:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ArmourySwAgent.exe, Version: 1.0.0.13, Zeitstempel: 0x5f88fa47
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.746, Zeitstempel: 0x197b16c5
Ausnahmecode: 0xc000041d
Fehleroffset: 0x0012a842
ID des fehlerhaften Prozesses: 0x1d50
Startzeit der fehlerhaften Anwendung: 0x01d6f8d1e73cd65a
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\KERNELBASE.dll
Berichtskennung: 91181e98-3c12-46c8-a025-676c77eda975
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/01/2021 08:39:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ArmourySwAgent.exe, Version: 1.0.0.13, Zeitstempel: 0x5f88fa47
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.746, Zeitstempel: 0x197b16c5
Ausnahmecode: 0xc0020001
Fehleroffset: 0x0012a842
ID des fehlerhaften Prozesses: 0x1d50
Startzeit der fehlerhaften Anwendung: 0x01d6f8d1e73cd65a
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\KERNELBASE.dll
Berichtskennung: fffc4bbb-a7d2-4780-85bf-4f54edd27e0f
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/01/2021 08:39:11 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: ArmourySwAgent.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: Ausnahmecode c0020001, Ausnahmeadresse 7549A842
Stapel:


System errors:
=============
Error: (02/02/2021 10:55:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/02/2021 12:46:26 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: Der Treiber hat einen internen Treiberfehler auf \Device\VBoxNetLwf gefunden.

Error: (02/01/2021 07:18:44 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: Der Treiber hat einen internen Treiberfehler auf \Device\VBoxNetLwf gefunden.

Error: (02/01/2021 07:18:48 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎01/‎02/‎2021 um 08:07:50 unerwartet heruntergefahren.

Error: (01/31/2021 11:24:35 AM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: Der Treiber hat einen internen Treiberfehler auf \Device\VBoxNetLwf gefunden.

Error: (01/30/2021 08:11:00 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: Der Treiber hat einen internen Treiberfehler auf \Device\VBoxNetLwf gefunden.

Error: (01/29/2021 07:28:01 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: Der Treiber hat einen internen Treiberfehler auf \Device\VBoxNetLwf gefunden.

Error: (01/29/2021 07:28:06 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎29/‎01/‎2021 um 19:27:18 unerwartet heruntergefahren.


Windows Defender:
===================================
Date: 2021-02-02 22:37:14.1070000Z
Description: 
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {5F8DBCF3-6305-4395-903A-DB02AC057A5A}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Full Scan
Benutzer: DESKTOP-GVB5PET\****

Date: 2021-02-02 22:18:58.4770000Z
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Ymacco.AA84&threatid=2147757276&enterprise=0
Name: Trojan:Win32/Ymacco.AA84
ID: 2147757276
Schweregrad: Severe
Kategorie: Trojan
Pfad: file:_C:\Users\****\Downloads\Poly Bridge 2 v1.23\Poly Bridge 2 v1.23.exe
Erkennungsursprung: Local machine
Erkennungstype: FastPath
Erkennungsquelle: Real-Time Protection
Benutzer: DESKTOP-GVB5PET\****
Prozessname: C:\Program Files\qBittorrent\qbittorrent.exe
Sicherheitsversion: AV: 1.331.67.0, AS: 1.331.67.0, NIS: 1.331.67.0
Modulversion: AM: 1.1.17800.5, NIS: 1.1.17800.5




CodeIntegrity:
===================================

Date: 2021-02-02 22:37:12.2590000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Users\****\AppData\Local\Programs\Opera GX\72.0.3815.487\opera.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2021-02-02 22:37:12.2530000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Users\****\AppData\Local\Programs\Opera GX\72.0.3815.487\opera.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-31 11:24:58.3850000Z
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2021-01-31 11:24:58.3670000Z
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2021-01-25 21:53:36.4470000Z
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2021-01-25 21:53:36.4340000Z
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2021-01-19 04:17:42.4170000Z
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2021-01-19 04:17:42.4030000Z
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 

----------------------------------------------------------

==================== Drives ================================

Drive a: (****) (Fixed) (Total:14.65 GB) (Free:14.37 GB) NTFS
Drive c: (Windows) (Fixed) (Total:450.5 GB) (Free:92.14 GB) NTFS
Drive d: (Spiele) (Fixed) (Total:3726 GB) (Free:2140.28 GB) NTFS

\\?\Volume{a50c4c6e-c1c5-4737-b5d1-c330d2935c82}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{04457ac2-27bd-80ff-f2fe-af428262d882}\ () (Fixed) (Total:49.88 GB) (Free:0 GB) NTFS
\\?\Volume{17b9d833-c057-dc2f-8afe-e0747553a43c}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS
\\?\Volume{28e62878-b101-a079-8951-5885c200adfd}\ () (Fixed) (Total:1.39 GB) (Free:0 GB) NTFS
\\?\Volume{53c9a71f-9fe8-42a1-98f9-89888f15923a}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 3.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 4.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 5.

==================== End of Addition.txt =======================
         

FRST.txt is too long and follows in the next post.

02.02.2021, 23:43   #2
Dafot
 

FRST.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-01-2021
Ran by **** (administrator) on DESKTOP-GVB5PET (ASUS System Product Name) (02-02-2021 22:53:12)
Running from C:\Users\****\Desktop
Loaded Profiles: ****
Platform: Windows 10 Pro Version 20H2 19042.746 (X64) Language: Englisch (Großbritannien)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\qBittorrent\qbittorrent.exe
(AnchorFree Inc -> The OpenVPN Project) C:\Users\****\AppData\Local\Temp\Dashlane Vpn Service\openvpn.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe <2>
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.86\AsusFanControlService.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.00.45\atkexComSvc.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\LightingService\LightingService.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.UserSessionHelper.exe
(ASUSTeK Computer Inc. -> TODO: <Company name>) C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe
(ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.CpuIdRemote64.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe
(Dashlane USA, Inc. -> AnchorFree Inc.) C:\Program Files (x86)\Dashlane\VPN\Service\VpnService.exe
(Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\****\AppData\Roaming\Dashlane\Dashlane.exe
(Dashlane USA, Inc. -> Dashlane, Inc.) C:\Users\****\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Discord Inc. -> Discord Inc.) C:\Users\****\AppData\Local\Discord\app-0.0.309\Discord.exe <6>
(Docker Inc -> Docker Inc.) C:\Program Files\Docker\Docker\com.docker.service
(Docker Inc -> Docker Inc.) C:\Program Files\Docker\Docker\Docker Desktop.exe
(Docker Inc -> Docker Inc.) C:\Program Files\Docker\Docker\resources\com.docker.backend.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Even Balance, Inc. -> ) C:\Windows\System32\PnkBstrA.exe
(Gaijin Network LTD -> Gaijin) C:\Users\****\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe
(geek software GmbH -> geek software GmbH) C:\Program Files\PDF24\pdf24.exe <2>
(Kristjan Skutta -> ) D:\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
(LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2101.1002.1.0_x64__8wekyb3d8bbwe\XboxAppServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2101.1002.1.0_x64__8wekyb3d8bbwe\XboxPcApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.20122.11121.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) C:\Windows\System32\CorsairGamingAudioCfgService64.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a51067c0ac557884\Display.NvContainer\NVDisplay.Container.exe <2>
(Opera Software AS -> Opera Software) C:\Users\****\AppData\Local\Programs\Opera GX\72.0.3815.487\opera.exe <49>
(Opera Software AS -> Opera Software) C:\Users\****\AppData\Local\Programs\Opera GX\72.0.3815.487\opera_crashreporter.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(sandboxie-plus.com) [File not signed] C:\Program Files\Sandboxie\SbieSvc.exe
(ShareX Team) [File not signed] D:\Steam\steamapps\common\ShareX\ShareX\ShareX.exe
(TODO: <Company name>) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\ArmouryAIOFanServer.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) D:\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PDF24] => C:\Program Files\PDF24\pdf24.exe [558144 2020-12-15] (geek software GmbH -> geek software GmbH)
HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [410152 2020-11-23] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [RamCache III ] => C:\Program Files (x86)\RamCache III\RamCache.exe [5416728 2020-12-11] (FNet Co., Ltd. -> FNet Co., Ltd)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5890504 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Run: [Steam] => D:\Steam\steam.exe [3411232 2020-12-21] (Valve -> Valve Corporation)
HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [365512 2020-12-10] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Run: [Discord] => C:\Users\****\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32883768 2021-01-27] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Run: [Docker Desktop] => C:\Program Files\Docker\Docker\Docker Desktop.exe [2566064 2021-01-21] (Docker Inc -> Docker Inc.)
HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Run: [Gaijin.Net Updater] => C:\Users\****\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2374376 2020-12-03] (Gaijin Network LTD -> Gaijin)
HKLM\...\Print\Monitors\HP E511 Status Monitor: C:\Windows\system32\hpinkstsE511LM.dll [393352 2017-03-09] (Hewlett Packard -> HP Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Folding@home.lnk [2020-12-12]
ShortcutTarget: Folding@home.lnk -> C:\Program Files (x86)\FAHClient\HideConsole.exe () [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0143656C-1352-43B2-B3D2-E90EFFDCE983} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe [56784 2020-08-27] (ASUSTeK Computer Inc. -> )
Task: {0473DF70-B202-483D-A1D0-DF63E551836D} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe [4329008 2020-02-11] (ASUSTeK Computer Inc. -> TODO: <Company name>)
Task: {04BAB218-20CA-4007-B360-AD3169E32E05} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {05F1CCCF-0B67-4A82-9DEB-B72B32A88D6F} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2488664 2021-01-11] (Overwolf Ltd -> Overwolf LTD)
Task: {1E0696C9-442B-4188-94A0-8F8F2395AF9A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {291C4142-B057-4AB8-914F-A9665F47A111} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-25] (Google LLC -> Google LLC)
Task: {31624867-8633-444C-836B-D496805855BC} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116584 2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {347FA865-78DC-448F-982C-4DC2C0F86FDF} - System32\Tasks\ASUS\ASUSUpdateTaskMachineCore1d6cf1e5114a45 => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2020-12-10] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {365FC414-245A-454E-8C39-61AD4AAD9E1A} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [64936 2021-01-13] (Microsoft Corporation -> Microsoft)
Task: {42AA9FFD-20F4-4123-8122-A72BC0CC921A} - System32\Tasks\ASUS\ArmourySocketServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe [1891432 2020-10-16] (ASUSTeK Computer Inc. -> ASUS)
Task: {478B7906-24BE-41E4-B4BE-95A34C89CDB7} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4A340641-FDA6-4604-AD27-6D8B00F37F83} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {58E8BC50-CF24-495A-8E62-7BB0343DE640} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {665F9586-578E-466C-9833-78B59D89123C} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [1469288 2020-02-25] (ASUSTeK Computer Inc. -> )
Task: {66B1C6A7-9BDE-492C-AA6C-D122E83CEAAC} - System32\Tasks\AMDAutoUpdate => C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe [677624 2019-11-21] (Advanced Micro Devices INC. -> )
Task: {6F523221-F284-421D-A673-B21791BD48B4} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [116584 2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {73CAFB4B-9668-4DF9-A860-CAB19131984D} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2112560 2020-01-08] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {75BC2A88-3584-48A7-9D16-B3D48B90AD95} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7B1D328E-0A12-4F30-8B2D-184D34665D12} - System32\Tasks\ASUS\ArmouryAIOFanServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\ArmouryAIOFanServer.exe [1039360 2020-11-10] (TODO: <Company name>) [File not signed]
Task: {7DF44678-13DD-4D10-A2B6-769A16641ED5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23062920 2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {91051D95-4C90-4F8F-BA99-31A8B0C85573} - System32\Tasks\ASUS\NoiseCancelingEngine.exe => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe [1232904 2020-08-13] (ASUSTeK Computer Inc. -> ASUS)
Task: {91357CAD-AF0C-4C04-A189-550307E41780} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4071336 2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {91B3B63C-FC75-43C4-9E04-BB89455FC08D} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [1509424 2020-03-31] (ASUSTeK Computer Inc. -> )
Task: {A2B1786A-58EC-4541-8F66-0BB1B2745C06} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AD12E4D2-D3A7-42E3-BF14-CE4BE7A365DF} - System32\Tasks\GPU Tweak II => C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe [12933600 2020-12-02] (ASUSTEK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {B1F6C1A0-E3B6-4FE2-933B-C4632890E469} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-25] (Google LLC -> Google LLC)
Task: {B934DC97-970E-4EFB-B96B-25B20E172DE8} - System32\Tasks\Opera GX scheduled Autoupdate 1607692819 => C:\Users\****\AppData\Local\Programs\Opera GX\launcher.exe [1664664 2021-01-26] (Opera Software AS -> Opera Software)
Task: {C14FF1BC-FB0E-4E69-8E72-E50E4FB16E77} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4071336 2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {D24DD9FE-C9EA-4666-B989-42A57C3620BE} - System32\Tasks\ASUS\ASUSUpdateTaskMachineUA => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2020-12-10] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {DCEC519B-4ED9-4E14-850B-2053D0133529} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E1ABEDE4-F6A8-47EE-935E-76328A73D5E1} - System32\Tasks\ASUS\Framework Service => C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe [45278736 2020-09-23] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {E3099887-C4B3-4973-BA83-1EF28F3B362B} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E4937235-A4D5-4C1E-9381-18337C8E8EA3} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {F2CA5E44-910A-471C-8EFE-B81EFB0488BB} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-629832801-3061168427-1117579530-500 => C:\Users\****\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {F8BA9A0B-C67C-4AF2-AC0C-249677CD4738} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23062920 2021-01-26] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 172.18.0.24
Tcpip\..\Interfaces\{39db88fc-71f6-40ec-99ce-b07a3187949c}: [DhcpNameServer] 172.18.0.24
Tcpip\..\Interfaces\{89036400-ea9f-4c33-a062-f311870e9c6c}: [DhcpNameServer] 192.168.0.1

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\****\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-02]
Edge Extension: (Outlook) - C:\Users\****\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-12-11]
Edge Extension: (Word) - C:\Users\****\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2020-12-11]
Edge Extension: (Excel) - C:\Users\****\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-12-11]
Edge Extension: (PowerPoint) - C:\Users\****\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-12-11]

FireFox:
========
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (Electronic Sports Network i Sverige AB -> ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-12-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-12-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-01-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-12-24] (Microsoft Corporation -> Microsoft Corporation)

Opera: 
=======
StartMenuInternet: (HKU\S-1-5-21-629832801-3061168427-1117579530-1001) Opera GXStable - "C:\Users\****\AppData\Local\Programs\Opera GX\Launcher.exe"

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ArmouryCrateService; C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe [344184 2021-01-21] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.45\atkexComSvc.exe [442416 2020-09-28] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 asus; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2020-12-10] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.86\AsusFanControlService.exe [2070576 2020-02-14] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S3 asusm; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2020-12-10] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 AsusUpdateCheck; C:\Windows\System32\AsusUpdateCheck.exe [1122840 2021-02-01] (ASUSTeK Computer Inc. -> )
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8895512 2020-12-10] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8960384 2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
R2 com.docker.service; C:\Program Files\Docker\Docker\com.docker.service [16336 2021-01-21] (Docker Inc -> Docker Inc.)
R2 CorsairGamingAudioConfig; C:\Windows\System32\CorsairGamingAudioCfgService64.exe [616344 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe [421928 2020-11-23] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [56872 2020-11-23] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R3 Dashlane Vpn Service; C:\Program Files (x86)\Dashlane\VPN\Service\VpnService.exe [3403264 2020-12-07] (Dashlane USA, Inc. -> AnchorFree Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4581320 2020-12-10] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2020-12-18] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2020-12-08] (FUTUREMARK INC -> Futuremark)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
R2 LightingService; C:\Program Files (x86)\LightingService\LightingService.exe [3053656 2021-01-11] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-02] (Malwarebytes Inc -> Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2533952 2021-01-21] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3479624 2021-01-21] (Electronic Arts, Inc. -> Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2488664 2021-01-11] (Overwolf Ltd -> Overwolf LTD)
R2 PDF24; C:\Program Files\PDF24\pdf24.exe [558144 2020-12-15] (geek software GmbH -> geek software GmbH)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2020-12-17] (Even Balance, Inc. -> )
S3 Rockstar Service; D:\Rockstar\Launcher\RockstarService.exe [1631360 2020-12-02] (Rockstar Games, Inc. -> Rockstar Games)
R2 ROG Live Service; C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe [5463128 2021-01-18] (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [323584 2021-01-26] (sandboxie-plus.com) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746504 2020-10-16] (Oracle Corporation -> Oracle Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
R2 Wallpaper Engine Service; D:\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [514552 2020-12-14] (Kristjan Skutta -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a51067c0ac557884\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a51067c0ac557884\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aftap0901; C:\Windows\System32\drivers\aftap0901.sys [48624 2020-02-19] (AnchorFree Inc -> The OpenVPN Project)
S3 ALSysIO; C:\Users\****\AppData\Local\Temp\ALSysIO64.sys [47240 2020-12-12] (ALCPU (Arthur Liberman) -> Arthur Liberman) <==== ATTENTION
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [34112 2019-07-02] (ASUSTeK Computer Inc. -> )
R1 Asusgio2; C:\Windows\system32\drivers\AsIO2.sys [33832 2019-04-09] (ASUSTeK Computer Inc. -> )
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 CorsairGamingAudioService; C:\Windows\System32\drivers\CorsairGamingAudio64.sys [60312 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAccess3B84E98236B28D4E075D5737DF9F567A1FB76E8A; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys [21752 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [45984 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [21920 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 cpuz149; C:\Windows\temp\cpuz149\cpuz149_x64.sys [44320 2021-02-01] (CPUID S.A.R.L.U. -> CPUID)
S3 cpuz150; C:\Windows\temp\cpuz150\cpuz150_x64.sys [44832 2020-12-13] (CPUID S.A.R.L.U. -> CPUID)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [42256 2020-12-10] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [59360 2020-12-10] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 EneTechIo; C:\Windows\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2021-02-02] (Malwarebytes Corporation -> Malwarebytes)
R0 FNETHYRAMAS; C:\Windows\System32\drivers\FNETHYRAMAS.SYS [56496 2020-12-11] (FNet Co., Ltd. -> FNet Co., Ltd.)
R1 GLCKIO2; C:\Windows\system32\drivers\GLCKIO2.sys [29368 2019-04-24] (ASUSTeK Computer Inc. -> )
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R3 IGO_VSD; C:\Windows\system32\drivers\igovsd.sys [40224 2020-07-07] (British Cayman Islands Intelligo Technology Inc. Taiwan Branch -> Intelli-go)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [35344 2020-11-03] (ASUSTEK COMPUTER INC. -> ASUSTeK Computer Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220600 2021-02-02] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-02-02] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [198248 2021-02-02] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77496 2021-02-02] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-02-02] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [142440 2021-02-02] (Malwarebytes Inc -> Malwarebytes)
R1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [17424 2020-01-19] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [182160 2021-01-26] (NGO -> sandboxie-plus.com)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [239432 2020-10-16] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [249344 2020-10-16] (Oracle Corporation -> Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48536 2020-12-11] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [429296 2020-12-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-11] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-02 22:49 - 2021-02-02 22:50 - 000000000 ____D C:\AdwCleaner
2021-02-02 22:48 - 2021-02-02 22:53 - 000000000 ____D C:\FRST
2021-02-02 22:47 - 2021-02-02 22:47 - 000055387 _____ C:\Users\****\Downloads\FRST.txt
2021-02-02 22:41 - 2021-02-02 22:41 - 000000000 ____D C:\Users\****\AppData\LocalLow\IGDump
2021-02-02 22:37 - 2021-02-02 22:37 - 000198248 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2021-02-02 22:37 - 2021-02-02 22:37 - 000142440 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2021-02-02 22:37 - 2021-02-02 22:37 - 000077496 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2021-02-02 22:36 - 2021-02-02 22:36 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-02-02 22:36 - 2021-02-02 22:36 - 000220600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-02-02 22:36 - 2021-02-02 22:36 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-02-02 22:36 - 2021-02-02 22:36 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2021-02-02 22:36 - 2021-02-02 22:36 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-02-02 22:36 - 2021-02-02 22:36 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-02-02 22:36 - 2021-02-02 22:36 - 000002028 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-02-02 22:36 - 2021-02-02 22:36 - 000000000 ____D C:\Users\****\AppData\Local\mbam
2021-02-02 22:36 - 2021-02-02 22:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-02-02 22:35 - 2021-02-02 22:35 - 000000000 ____D C:\Program Files\Malwarebytes
2021-02-02 22:34 - 2021-02-02 22:34 - 000000000 ____D C:\Users\****\Downloads\Poly.Bridge.2.v1.23
2021-02-02 22:31 - 2021-02-02 22:34 - 350368881 _____ C:\Users\****\Downloads\Poly.Bridge.2.v1.23.rar
2021-02-02 22:26 - 2021-02-02 22:26 - 000000015 _____ C:\ProgramData\krosqm.txt
2021-02-02 19:42 - 2021-02-02 19:42 - 000000000 ____D C:\Users\****\AppData\Local\gtk-3.0
2021-02-02 18:20 - 2021-02-02 18:20 - 000000000 ____D C:\Users\****\AppData\Local\ElevatedDiagnostics
2021-02-02 15:22 - 2021-02-02 15:22 - 000000000 ____D C:\var
2021-02-02 15:22 - 2021-02-02 15:22 - 000000000 ____D C:\Users\****\AppData\LocalLow\Blackbird Interactive
2021-02-01 01:08 - 2021-02-01 01:23 - 000000000 ____D C:\Users\****\OneDrive\Documents\Audacity
2021-02-01 01:01 - 2021-02-01 01:01 - 002652579 _____ C:\Users\****\Downloads\****_EXM_02.m4a
2021-02-01 00:54 - 2021-02-01 06:30 - 000000000 ____D C:\Users\****\AppData\Roaming\audacity
2021-02-01 00:54 - 2021-02-01 00:54 - 000001095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2021-02-01 00:54 - 2021-02-01 00:54 - 000001083 _____ C:\Users\Public\Desktop\Audacity.lnk
2021-02-01 00:54 - 2021-02-01 00:54 - 000001083 _____ C:\ProgramData\Desktop\Audacity.lnk
2021-02-01 00:54 - 2021-02-01 00:54 - 000000000 ____D C:\Users\****\AppData\Local\Audacity
2021-02-01 00:54 - 2021-02-01 00:54 - 000000000 ____D C:\Program Files (x86)\Audacity
2021-01-31 19:34 - 2021-01-31 19:34 - 000000000 ___RD C:\Sandbox
2021-01-31 19:33 - 2021-01-31 19:43 - 000001488 _____ C:\Windows\Sandboxie.ini
2021-01-31 19:33 - 2021-01-31 19:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2021-01-31 19:33 - 2021-01-31 19:33 - 000000000 ____D C:\Program Files\Sandboxie
2021-01-31 19:32 - 2021-01-31 19:33 - 005240143 _____ C:\Users\****\Downloads\Sandboxie-Classic-v5.46.5.zip
2021-01-31 19:23 - 2021-01-31 19:23 - 000077538 _____ C:\Users\****\Downloads\WhatsApp Image 2021-01-31 at 19.21.42.jpeg
2021-01-31 17:48 - 2021-01-31 17:48 - 000034005 _____ C:\Users\****\Downloads\Badeordnung.pdf
2021-01-31 11:38 - 2021-01-31 11:38 - 000000000 ____D C:\Users\****\AppData\LocalLow\DefaultCompany
2021-01-29 19:15 - 2021-01-29 19:19 - 000000000 ____D C:\Users\****\OneDrive\Documents\Assassin's Creed Origins
2021-01-29 18:41 - 2021-01-29 18:41 - 000000000 ____D C:\Users\****\AppData\Roaming\LoCity3D
2021-01-29 15:26 - 2021-01-29 15:27 - 000000000 ____D C:\Users\****\OneDrive\Documents\Assassin's Creed IV Black Flag
2021-01-29 15:15 - 2021-01-29 15:15 - 000006277 _____ C:\Users\****\Downloads\message (5).txt
2021-01-29 14:43 - 2021-01-29 14:43 - 003094193 _____ C:\Users\****\Downloads\APA_-_AstraZeneca.pdf.pdf
2021-01-29 14:42 - 2021-01-29 14:42 - 000032056 _____ C:\Users\****\Downloads\Vaccines__contract_between_European_Commission_and_AstraZeneca_now_published.pdf
2021-01-28 23:01 - 2021-01-28 23:01 - 000173067 _____ C:\Users\****\Downloads\Teilnahmebescheinigung.pdf
2021-01-28 23:00 - 2021-01-28 23:00 - 000174646 _____ C:\Users\****\Downloads\Leistungsnachweis (3).pdf
2021-01-28 19:07 - 2021-01-28 19:07 - 000000000 ____D C:\Users\****\AppData\LocalLow\Rejected Games
2021-01-28 19:03 - 2021-01-28 19:03 - 000000000 ____D C:\Users\****\AppData\LocalLow\VirtualBrightPlayz
2021-01-28 18:23 - 2021-02-02 21:39 - 000000000 ____D C:\Users\****\AppData\Roaming\power-nativefier-adf79a
2021-01-28 17:38 - 2021-01-29 19:15 - 000000000 ____D C:\Users\****\AppData\Local\Ubisoft Game Launcher
2021-01-28 17:38 - 2021-01-28 17:38 - 000000000 ____D C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2021-01-28 17:38 - 2021-01-28 17:38 - 000000000 ____D C:\ProgramData\Ubisoft
2021-01-28 17:38 - 2021-01-28 17:38 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2021-01-28 16:25 - 2021-01-28 16:25 - 000000000 ____D C:\Users\****\AppData\LocalLow\Wastelands Interactive
2021-01-28 16:16 - 2021-01-28 16:16 - 000000000 ____D C:\Users\****\OneDrive\Documents\Train Station Renovation
2021-01-28 16:16 - 2021-01-28 16:16 - 000000000 ____D C:\Users\****\AppData\LocalLow\Live Motion Games
2021-01-28 15:59 - 2021-01-28 15:59 - 000000000 ____D C:\Users\****\OneDrive\Documents\Wastelands-Interactive
2021-01-27 20:42 - 2021-01-27 20:42 - 000461912 _____ C:\Users\****\Downloads\11174_Kontenrahmen DATEV SKR 03.pdf
2021-01-27 20:41 - 2021-01-27 20:41 - 009229367 _____ C:\Users\****\Downloads\HHPL_2021_Onlineversion_14_01_2021 (1).pdf
2021-01-27 20:39 - 2021-01-27 20:39 - 009229367 _____ C:\Users\****\Downloads\HHPL_2021_Onlineversion_14_01_2021.pdf
2021-01-27 19:46 - 2021-01-27 19:48 - 000000000 ____D C:\Users\****\AppData\Roaming\Docker Desktop
2021-01-26 00:58 - 2021-01-26 00:58 - 000000423 _____ C:\Users\****\Downloads\jsonformatter (2).txt
2021-01-26 00:56 - 2021-01-26 00:56 - 000000479 _____ C:\Users\****\Downloads\jsonformatter (1).txt
2021-01-26 00:49 - 2021-01-26 00:49 - 000000015 _____ C:\Users\****\Downloads\jsonformatter.txt
2021-01-25 23:29 - 2021-01-25 23:29 - 000000204 _____ C:\Users\****\.gitconfig
2021-01-25 13:58 - 2021-01-25 13:58 - 000000000 ____D C:\Users\****\AppData\Roaming\com.lilithsthrone.main.Main
2021-01-25 13:56 - 2021-01-25 13:56 - 051169217 _____ C:\Users\****\Downloads\Lilith's Throne v0.3.1.8.zip
2021-01-25 04:50 - 2021-01-25 04:50 - 156422624 _____ C:\Users\****\Downloads\PSST-pc.rar
2021-01-24 21:59 - 2021-01-24 21:59 - 000392398 _____ C:\Users\****\Downloads\Boyagio Chapter 2 - 2020.pdf
2021-01-24 21:53 - 2021-01-24 21:53 - 000151928 _____ C:\Users\****\Downloads\Boyagio Chapter 1 - 2020.pdf
2021-01-24 01:04 - 2021-01-24 01:06 - 000000031 _____ C:\Users\****\.node_repl_history
2021-01-23 21:20 - 2021-01-23 21:20 - 000111490 _____ C:\Users\****\Downloads\twd (3).pdf
2021-01-23 21:20 - 2021-01-23 21:20 - 000111490 _____ C:\Users\****\Downloads\twd (2).pdf
2021-01-23 21:20 - 2021-01-23 21:20 - 000111490 _____ C:\Users\****\Downloads\twd (1).pdf
2021-01-23 21:19 - 2021-01-23 21:19 - 000111490 _____ C:\Users\****\Downloads\twd.pdf
2021-01-23 20:23 - 2021-01-23 20:23 - 000000000 ____D C:\Users\****\AppData\Local\IO Interactive
2021-01-23 20:19 - 2021-01-23 20:19 - 000000000 ____D C:\Users\****\AppData\Roaming\IO Interactive
2021-01-23 20:19 - 2021-01-23 20:19 - 000000000 ____D C:\Users\****\AppData\Local\Epic Games
2021-01-23 20:09 - 2021-01-23 20:09 - 000159421 _____ C:\Users\****\Downloads\WhatsApp Image 2021-01-23 at 20.05.11.jpeg
2021-01-23 16:05 - 2021-01-23 16:05 - 000000000 ____D C:\Users\****\AppData\Local\qBittorrent
2021-01-23 16:05 - 2021-01-23 16:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2021-01-23 16:05 - 2021-01-23 16:05 - 000000000 ____D C:\Program Files\qBittorrent
2021-01-23 15:56 - 2021-01-23 15:56 - 000027012 _____ C:\Users\****\Downloads\b64c886ef8004f8ee33f4c6c7732bfedc4057c0b (1).dlc
2021-01-23 15:55 - 2021-01-23 15:55 - 000027012 _____ C:\Users\****\Downloads\b64c886ef8004f8ee33f4c6c7732bfedc4057c0b.dlc
2021-01-23 15:49 - 2021-01-23 15:49 - 000029360 _____ C:\Users\****\Downloads\d62857db3247a973c56b1e6b8646baabc5d5b5c1.dlc
2021-01-23 14:05 - 2021-01-23 14:05 - 000000000 ____D C:\Users\****\OneDrive\Documents\EVE
2021-01-23 13:55 - 2021-01-23 13:55 - 000000000 ____D C:\Users\****\AppData\Local\LauncherCrashes
2021-01-23 13:55 - 2021-01-23 13:55 - 000000000 ____D C:\Users\****\AppData\Local\CCP
2021-01-21 21:37 - 2021-01-21 21:37 - 000000000 ____D C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2021-01-21 21:37 - 2021-01-21 21:37 - 000000000 ____D C:\Users\****\AppData\Local\Gaijin
2021-01-21 21:37 - 2021-01-21 21:37 - 000000000 ____D C:\ProgramData\Gaijin
2021-01-21 16:41 - 2021-01-21 16:41 - 000097854 _____ C:\Users\****\Downloads\WhatsApp Image 2021-01-21 at 10.49.26.jpeg
2021-01-21 09:29 - 2021-01-21 09:29 - 000059627 _____ C:\Users\****\Downloads\Sozialversicherungen.pdf
2021-01-21 04:47 - 2021-01-21 04:52 - 000000000 ____D C:\Users\****\OneDrive\Documents\Universe Sandbox
2021-01-21 04:47 - 2021-01-21 04:47 - 000000000 ____D C:\Users\****\AppData\LocalLow\Giant Army
2021-01-21 04:30 - 2021-01-21 04:30 - 000002149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Docker Desktop.lnk
2021-01-19 14:03 - 2021-01-19 14:03 - 000174645 _____ C:\Users\****\Downloads\Leistungsnachweis (2).pdf
2021-01-19 11:31 - 2021-01-21 04:26 - 000000000 ____D C:\Users\****\AppData\Local\Docker Desktop Installer
2021-01-19 01:31 - 2021-01-19 01:31 - 000000000 ____D C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProTypers
2021-01-19 01:31 - 2021-01-19 01:31 - 000000000 ____D C:\Users\****\AppData\Local\TyperSolver
2021-01-18 21:00 - 2021-01-18 21:00 - 000174645 _____ C:\Users\****\Downloads\Leistungsnachweis (1).pdf
2021-01-18 20:40 - 2021-01-18 20:40 - 000776707 _____ C:\Users\****\Downloads\PIR00_K02 (1).pdf
2021-01-18 20:39 - 2021-01-18 20:39 - 000776707 _____ C:\Users\****\Downloads\PIR00_K02.pdf
2021-01-15 15:57 - 2021-01-15 15:57 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 002254336 _____ C:\Windows\system32\dwmscene.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 001162240 _____ C:\Windows\system32\MBR2GPT.EXE
2021-01-15 15:57 - 2021-01-15 15:57 - 000729600 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2021-01-15 15:57 - 2021-01-15 15:57 - 000643072 _____ C:\Windows\system32\WindowManagementAPI.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 000595968 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2021-01-15 15:57 - 2021-01-15 15:57 - 000581120 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2021-01-15 15:57 - 2021-01-15 15:57 - 000575488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2021-01-15 15:57 - 2021-01-15 15:57 - 000562688 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2021-01-15 15:57 - 2021-01-15 15:57 - 000544768 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
2021-01-15 15:57 - 2021-01-15 15:57 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
2021-01-15 15:57 - 2021-01-15 15:57 - 000469504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
2021-01-15 15:57 - 2021-01-15 15:57 - 000467968 _____ C:\Windows\system32\AssignedAccessCsp.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 000455680 _____ C:\Windows\SysWOW64\WindowManagementAPI.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 000455168 _____ C:\Windows\system32\ssdm.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 000446976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl
2021-01-15 15:57 - 2021-01-15 15:57 - 000422912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2021-01-15 15:57 - 2021-01-15 15:57 - 000374072 _____ C:\Windows\system32\vp9fs.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 000330752 _____ C:\Windows\SysWOW64\ssdm.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 000306688 _____ C:\Windows\system32\HeatCore.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 000304128 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2021-01-15 15:57 - 2021-01-15 15:57 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2021-01-15 15:57 - 2021-01-15 15:57 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2021-01-15 15:57 - 2021-01-15 15:57 - 000235520 _____ C:\Windows\SysWOW64\HeatCore.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 000234496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2021-01-15 15:57 - 2021-01-15 15:57 - 000190976 _____ C:\Windows\system32\BthpanContextHandler.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 000182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2021-01-15 15:57 - 2021-01-15 15:57 - 000178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2021-01-15 15:57 - 2021-01-15 15:57 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\VBICodec.ax
2021-01-15 15:57 - 2021-01-15 15:57 - 000165888 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2021-01-15 15:57 - 2021-01-15 15:57 - 000157184 _____ C:\Windows\system32\uwfcsp.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 000152064 _____ C:\Windows\system32\EoAExperiences.exe
2021-01-15 15:57 - 2021-01-15 15:57 - 000138056 _____ C:\Windows\system32\HvsiManagementApi.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VBICodec.ax
2021-01-15 15:57 - 2021-01-15 15:57 - 000101704 _____ C:\Windows\SysWOW64\HvsiManagementApi.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 000095744 _____ C:\Windows\system32\VirtualMonitorManager.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2021-01-15 15:57 - 2021-01-15 15:57 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2021-01-15 15:57 - 2021-01-15 15:57 - 000074240 _____ C:\Windows\system32\rdsxvmaudio.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 000072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2021-01-15 15:57 - 2021-01-15 15:57 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
2021-01-15 15:57 - 2021-01-15 15:57 - 000067072 _____ C:\Windows\system32\BWContextHandler.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 000053760 _____ C:\Windows\SysWOW64\BWContextHandler.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 000010894 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-01-15 03:38 - 2021-01-15 03:38 - 000000000 ____D C:\Users\****\AppData\Local\Teradici
2021-01-15 03:37 - 2021-01-15 03:37 - 000000000 ____D C:\Users\****\AppData\Local\Amazon Web Services
2021-01-15 03:36 - 2021-01-15 03:36 - 000001369 _____ C:\Users\Public\Desktop\Amazon WorkSpaces.lnk
2021-01-15 03:36 - 2021-01-15 03:36 - 000001369 _____ C:\ProgramData\Desktop\Amazon WorkSpaces.lnk
2021-01-15 03:36 - 2021-01-15 03:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon WorkSpaces
2021-01-15 03:36 - 2021-01-15 03:36 - 000000000 ____D C:\Program Files (x86)\Amazon Web Services, Inc
2021-01-15 01:54 - 2021-01-15 01:54 - 011145670 _____ C:\Users\****\Downloads\Oracle_VM_VirtualBox_Extension_Pack-6.1.16.vbox-extpack
2021-01-15 01:34 - 2021-01-15 01:34 - 000001780 _____ C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane.lnk
2021-01-15 01:34 - 2021-01-15 01:34 - 000000000 ____D C:\Users\****\AppData\LocalLow\Dashlane
2021-01-15 01:33 - 2021-01-23 17:17 - 000000000 ____D C:\Users\****\AppData\Roaming\Dashlane
2021-01-15 01:33 - 2021-01-15 01:33 - 000000000 ____D C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2021-01-14 22:27 - 2021-01-14 22:27 - 000000365 _____ C:\Users\****\Downloads\user-minus.svg
2021-01-14 21:51 - 2021-01-14 21:51 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2021-01-14 20:29 - 2021-01-14 20:31 - 080338394 _____ C:\Users\****\Downloads\Juvisu 0.1.0.zip
2021-01-14 20:27 - 2021-01-14 20:27 - 000158013 _____ C:\Users\****\Downloads\BrothersKeeper0.4.zip
2021-01-14 17:48 - 2021-01-14 17:48 - 000505278 _____ C:\Users\****\Downloads\BeamMP_Server.zip
2021-01-14 15:38 - 2021-01-14 15:38 - 000000334 _____ C:\Users\****\Downloads\dollar-sign (2).svg
2021-01-14 15:38 - 2021-01-14 15:38 - 000000334 _____ C:\Users\****\Downloads\dollar-sign (1).svg
2021-01-14 02:59 - 2021-01-14 02:59 - 000000918 _____ C:\Users\****\package-lock.json
2021-01-14 02:59 - 2021-01-14 02:59 - 000000404 _____ C:\Users\****\Downloads\user-x.svg
2021-01-14 02:59 - 2021-01-14 02:59 - 000000000 ____D C:\Users\****\node_modules
2021-01-14 00:26 - 2021-01-14 00:26 - 000000373 _____ C:\Users\****\Downloads\plus-square.svg
2021-01-14 00:26 - 2021-01-14 00:26 - 000000351 _____ C:\Users\****\Downloads\plus-circle.svg
2021-01-14 00:25 - 2021-01-14 00:25 - 000000334 _____ C:\Users\****\Downloads\dollar-sign.svg
2021-01-14 00:22 - 2021-01-14 00:22 - 000000315 _____ C:\Users\****\Downloads\pie-chart.svg
2021-01-14 00:11 - 2021-01-14 00:11 - 000000428 _____ C:\Users\****\Downloads\message-circle.svg
2021-01-14 00:11 - 2021-01-14 00:11 - 000000314 _____ C:\Users\****\Downloads\send.svg
2021-01-14 00:10 - 2021-01-14 00:10 - 000000408 _____ C:\Users\****\Downloads\user-plus.svg
2021-01-14 00:10 - 2021-01-14 00:10 - 000000386 _____ C:\Users\****\Downloads\tool.svg
2021-01-13 21:36 - 2021-01-13 21:36 - 000000000 ____D C:\Users\****\OneDrive\Documents\Egosoft
2021-01-13 18:38 - 2021-01-13 19:10 - 000000000 ____D C:\Users\****\AppData\Roaming\BeamMP Launcher
2021-01-13 18:38 - 2021-01-13 18:38 - 000000000 ____D C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BeamMP Launcher
2021-01-13 18:38 - 2021-01-13 18:38 - 000000000 ____D C:\Users\****\AppData\Roaming\BeamMP
2021-01-13 18:38 - 2021-01-13 18:38 - 000000000 ____D C:\Users\****\AppData\Local\Caphyon
2021-01-13 18:37 - 2021-01-13 18:37 - 015464292 _____ C:\Users\****\Downloads\BeamMP_Installer.zip
2021-01-13 16:49 - 2021-01-13 16:49 - 000000000 ____D C:\Users\****\AppData\Roaming\Skype
2021-01-13 06:22 - 2021-01-13 06:22 - 000000000 ____D C:\Users\****\.matplotlib
2021-01-13 06:14 - 2021-01-13 06:14 - 001740714 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2021-01-13 06:14 - 2021-01-13 06:14 - 000000000 ____D C:\Users\****\AppData\Local\NuGet
2021-01-13 06:14 - 2021-01-13 06:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2021-01-13 06:14 - 2021-01-13 06:14 - 000000000 ____D C:\Program Files (x86)\MySQL
2021-01-13 05:59 - 2021-01-13 05:59 - 000000000 ____D C:\Users\****\AppData\Roaming\NuGet
2021-01-13 05:56 - 2021-01-13 05:56 - 000000000 ____D C:\Users\****\.templateengine
2021-01-13 04:21 - 2021-01-13 06:38 - 000156498 _____ C:\Users\****\Untitled2.ipynb
2021-01-13 02:51 - 2021-01-13 02:51 - 001507766 _____ C:\Users\****\Downloads\CAREtaker v0.5.4.1.1-bugfixed.html
2021-01-12 14:28 - 2021-01-18 14:32 - 000000000 ___SD C:\Windows\system32\lxss
2021-01-12 14:28 - 2021-01-12 14:28 - 000001162 _____ C:\Windows\system32\config\VSMIDK
2021-01-12 14:28 - 2021-01-12 14:28 - 000000000 ___SD C:\Windows\SysWOW64\lxss
2021-01-12 02:33 - 2021-01-12 02:33 - 016528923 _____ C:\Users\****\Downloads\wordpress-5.6 (1).zip
2021-01-12 02:24 - 2021-01-12 02:25 - 016528923 _____ C:\Users\****\Downloads\wordpress-5.6.zip
2021-01-12 02:07 - 2021-01-12 02:09 - 000000838 _____ C:\Users\****\Untitled1.ipynb
2021-01-12 01:32 - 2021-01-13 06:17 - 000000000 ____D C:\Users\****\.keras
2021-01-12 01:31 - 2021-01-13 06:36 - 000000000 ____D C:\Users\****\AppData\Roaming\jupyter
2021-01-12 01:31 - 2021-01-13 04:21 - 000000000 ____D C:\Users\****\.ipynb_checkpoints
2021-01-12 01:31 - 2021-01-12 01:35 - 000000618 _____ C:\Users\****\Untitled.ipynb
2021-01-12 01:31 - 2021-01-12 01:31 - 000000000 ____D C:\Users\****\AppData\Local\Yarn
2021-01-12 01:31 - 2021-01-12 01:31 - 000000000 ____D C:\Users\****\.jupyter
2021-01-12 01:31 - 2021-01-12 01:31 - 000000000 ____D C:\ProgramData\jupyter
2021-01-12 01:18 - 2021-01-12 01:18 - 000000000 ____D C:\Users\****\.conda
2021-01-12 01:10 - 2021-01-12 01:25 - 000000000 ____D C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)
2021-01-12 01:10 - 2021-01-12 01:10 - 000000000 ____D C:\Users\****\OneDrive\Documents\Python Scripts
2021-01-12 01:09 - 2021-01-12 01:20 - 000000000 ____D C:\Users\****\anaconda3
2021-01-12 01:03 - 2021-01-12 01:03 - 063128149 _____ C:\Users\****\Downloads\tensorflow-1.13.1-cp35-cp35m-win_amd64.whl
2021-01-11 16:46 - 2021-01-11 16:46 - 000000000 ____D C:\Users\****\AppData\Roaming\PsySH
2021-01-10 06:02 - 2021-01-10 06:02 - 000000000 ____D C:\Users\****\AppData\Local\Composer
2021-01-10 06:01 - 2021-01-10 06:02 - 000000000 ____D C:\Users\****\AppData\Roaming\Composer
2021-01-10 06:01 - 2021-01-10 06:01 - 000000000 ____D C:\composer
2021-01-10 06:00 - 2021-01-10 06:00 - 002200574 _____ C:\Users\****\Downloads\composer.phar
2021-01-10 06:00 - 2021-01-10 06:00 - 002200574 _____ C:\Users\****\Downloads\composer (1).phar
2021-01-10 05:53 - 2021-01-10 05:57 - 000000000 ____D C:\Users\****\.docker
2021-01-10 05:52 - 2021-02-01 19:18 - 000000000 ____D C:\ProgramData\DockerDesktop
2021-01-10 05:52 - 2021-01-21 04:30 - 000000000 ____D C:\ProgramData\Docker
2021-01-10 05:51 - 2021-02-02 18:46 - 000000000 ____D C:\Users\****\AppData\Local\Docker
2021-01-10 05:51 - 2021-01-10 05:57 - 000000000 ____D C:\Users\****\AppData\Roaming\Docker
2021-01-10 05:51 - 2021-01-10 05:51 - 000000000 ____D C:\Program Files\Docker
2021-01-10 04:18 - 2021-01-10 04:19 - 000000000 ____D C:\Users\****\AppData\Local\tyranoscript
2021-01-10 03:24 - 2021-01-10 03:24 - 000016565 _____ C:\Users\****\Downloads\discipline.zip
2021-01-09 22:05 - 2021-01-09 22:05 - 000000000 ____D C:\Users\****\AppData\Local\enchant
2021-01-09 01:21 - 2021-01-09 01:21 - 000000000 ____D C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Alchemyst Tale
2021-01-08 22:31 - 2021-01-08 22:31 - 604110848 _____ C:\Users\****\OneDrive\Documents\Windows.iso
2021-01-08 22:18 - 2021-01-08 22:38 - 000000000 ____D C:\ESD
2021-01-08 22:18 - 2021-01-08 22:18 - 000000000 ___HD C:\$Windows.~WS
2021-01-08 22:17 - 2021-01-08 22:17 - 000000000 ____D C:\$WINDOWS.~BT
2021-01-08 22:15 - 2021-01-09 22:05 - 000000000 ____D C:\Users\****\AppData\Roaming\HexChat
2021-01-08 22:14 - 2021-01-08 22:14 - 010471352 _____ (HexChat ) C:\Users\****\Downloads\HexChat 2.14.3 x64.exe
2021-01-08 22:14 - 2021-01-08 22:14 - 000000000 ____D C:\Users\****\source
2021-01-08 22:14 - 2021-01-08 22:14 - 000000000 ____D C:\Users\****\AppData\Local\IdentityNexusIntegration
2021-01-08 22:14 - 2021-01-08 22:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HexChat
2021-01-08 22:14 - 2021-01-08 22:14 - 000000000 ____D C:\Program Files\HexChat
2021-01-08 22:13 - 2021-01-13 06:04 - 000000000 ____D C:\Users\****\AppData\Local\.IdentityService
2021-01-08 22:13 - 2021-01-08 22:14 - 000000000 ____D C:\Users\****\OneDrive\Documents\Visual Studio 2019
2021-01-08 22:13 - 2021-01-08 22:13 - 000001803 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2019.lnk
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\3082
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\2052
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1055
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1049
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1046
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1045
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1042
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1041
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1040
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1036
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1033
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1031
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1029
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1028
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\3082
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\2052
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1055
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1049
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1046
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1045
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1042
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1041
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1040
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1036
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1033
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1031
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1029
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1028
2021-01-08 22:12 - 2021-01-08 22:12 - 000000000 ____D C:\Users\****\.dotnet
2021-01-08 22:12 - 2021-01-08 22:12 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2021-01-08 22:12 - 2021-01-08 22:12 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2021-01-08 22:12 - 2021-01-08 22:12 - 000000000 ____D C:\Program Files (x86)\NuGet
2021-01-08 22:12 - 2021-01-08 22:12 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2021-01-08 22:12 - 2021-01-08 22:12 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2021-01-08 22:11 - 2021-01-08 22:12 - 000000000 ____D C:\Program Files\dotnet
2021-01-08 22:11 - 2021-01-08 22:12 - 000000000 ____D C:\Program Files (x86)\dotnet
2021-01-08 22:11 - 2021-01-08 22:11 - 000001802 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019.lnk
2021-01-08 22:11 - 2021-01-08 22:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019
2021-01-08 22:10 - 2021-01-13 06:15 - 000000000 ____D C:\Users\****\AppData\Roaming\Visual Studio Setup
2021-01-08 22:10 - 2021-01-13 06:03 - 000001362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2021-01-08 22:10 - 2021-01-13 06:03 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2021-01-08 22:10 - 2021-01-08 22:10 - 000000000 ____D C:\Users\****\AppData\Roaming\vstelemetry
2021-01-08 22:10 - 2021-01-08 22:10 - 000000000 ____D C:\Users\****\AppData\Roaming\Microsoft Visual Studio
2021-01-08 22:10 - 2021-01-08 22:10 - 000000000 ____D C:\Users\****\AppData\Local\ServiceHub
2021-01-08 22:09 - 2021-01-08 22:09 - 000000000 ____D C:\ProgramData\Microsoft Visual Studio
2021-01-08 14:05 - 2021-01-08 14:05 - 000000000 ____D C:\Users\****\AppData\Local\INetHistory
2021-01-08 04:00 - 2021-01-08 04:00 - 001184178 _____ C:\Users\****\Downloads\Kml Military bases.kml
2021-01-08 00:09 - 2021-01-08 00:10 - 006865541 _____ C:\Users\****\Downloads\Git Compiled (10-21-2020) (1).rar
2021-01-07 23:07 - 2021-01-07 23:07 - 000000000 ____D C:\Users\****\.prefs
2021-01-05 17:53 - 2021-01-05 18:43 - 000000000 ____D C:\Users\****\OneDrive\Documents\Mount and Blade II Bannerlord
2021-01-04 19:40 - 2020-11-11 03:54 - 000167280 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudmdm.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-02 22:53 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-02 22:50 - 2020-12-19 17:43 - 000000000 ____D C:\Users\****\AppData\Roaming\discord
2021-02-02 22:50 - 2020-12-10 19:11 - 000000000 ____D C:\Users\****\AppData\Roaming\TS3Client
2021-02-02 22:36 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-02-02 22:23 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2021-02-02 21:53 - 2020-12-10 22:12 - 000000000 ____D C:\Users\****\AppData\Local\CrashDumps
2021-02-02 21:44 - 2020-12-11 02:57 - 000000000 ____D C:\Users\****\AppData\Local\Packages
2021-02-02 21:44 - 2020-12-10 19:03 - 000000000 ____D C:\Users\****\AppData\Local\PlaceholderTileLogoFolder
2021-02-02 21:43 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-02 21:33 - 2021-01-01 19:53 - 000000000 ____D C:\Users\****\AppData\Roaming\Stormworks
2021-02-02 20:46 - 2021-01-02 14:08 - 000000000 ____D C:\Users\****\AppData\Local\LogMeIn Hamachi
2021-02-02 19:37 - 2020-12-10 19:36 - 000000000 ____D C:\ProgramData\NVIDIA
2021-02-02 16:44 - 2020-12-10 23:07 - 000000000 ____D C:\Users\****\OneDrive\Documents\ShareX
2021-02-02 14:54 - 2020-12-12 06:23 - 000000000 ____D C:\Users\****\OneDrive\Documents\Paradox Interactive
2021-02-02 14:06 - 2020-12-10 19:57 - 000000000 ____D C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-02-02 12:46 - 2020-12-12 07:41 - 000000000 ____D C:\ProgramData\FAHClient
2021-02-02 12:46 - 2020-12-11 20:15 - 000003092 _____ C:\Windows\system32\Tasks\GPU Tweak II
2021-02-02 12:46 - 2020-12-11 02:51 - 000000000 ____D C:\ProgramData\ASUS
2021-02-01 20:39 - 2020-12-11 02:56 - 000000000 ____D C:\Users\****
2021-02-01 19:25 - 2020-12-11 02:57 - 001724774 _____ C:\Windows\system32\PerfStringBackup.INI
2021-02-01 19:25 - 2020-12-11 01:33 - 000746378 _____ C:\Windows\system32\perfh007.dat
2021-02-01 19:25 - 2020-12-11 01:33 - 000154146 _____ C:\Windows\system32\perfc007.dat
2021-02-01 19:25 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2021-02-01 19:18 - 2020-12-11 02:51 - 001162008 _____ C:\Windows\system32\wpbbin.exe
2021-02-01 19:18 - 2020-12-11 02:51 - 001122840 _____ C:\Windows\system32\AsusUpdateCheck.exe
2021-02-01 19:18 - 2020-12-11 02:51 - 000008192 ___SH C:\DumpStack.log.tmp
2021-02-01 19:18 - 2020-11-19 00:41 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-02-01 19:18 - 2020-11-19 00:41 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-02-01 05:22 - 2020-12-12 11:16 - 000000000 ____D C:\Users\****\AppData\Roaming\Code
2021-01-31 19:39 - 2020-11-19 00:45 - 000000000 ____D C:\ProgramData\Packages
2021-01-31 16:08 - 2020-12-22 16:45 - 000000000 ____D C:\Users\****\AppData\Roaming\npm-cache
2021-01-30 20:11 - 2020-11-19 00:44 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-29 19:15 - 2020-12-10 19:18 - 000000000 ____D C:\Users\****\AppData\Local\D3DSCache
2021-01-29 19:04 - 2020-12-29 23:46 - 000000000 ____D C:\Users\****\OneDrive\Documents\Twine
2021-01-29 19:04 - 2020-12-29 23:46 - 000000000 ____D C:\Users\****\AppData\Roaming\Twine
2021-01-28 18:45 - 2020-12-11 14:20 - 000004232 _____ C:\Windows\system32\Tasks\Opera GX scheduled Autoupdate 1607692819
2021-01-28 18:45 - 2020-12-11 14:20 - 000001438 _____ C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Opera GX.lnk
2021-01-28 18:43 - 2020-12-10 22:13 - 000000000 ____D C:\Users\****\AppData\Roaming\.minecraft
2021-01-27 20:17 - 2020-12-15 19:28 - 000000000 ____D C:\ProgramData\Origin
2021-01-27 20:17 - 2020-12-15 19:28 - 000000000 ____D C:\Program Files (x86)\Origin
2021-01-26 22:16 - 2020-12-17 21:52 - 000000000 ____D C:\Users\****\AppData\Local\Arma 3 Launcher
2021-01-26 22:02 - 2020-12-17 22:02 - 000000000 ____D C:\Users\****\AppData\Local\Arma 3
2021-01-26 10:59 - 2020-12-24 15:37 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-01-25 20:33 - 2019-12-07 10:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-01-25 04:50 - 2020-12-12 00:17 - 000000000 ____D C:\Users\****\AppData\Roaming\RenPy
2021-01-24 15:56 - 2020-12-13 06:59 - 000000000 ____D C:\Users\****\AppData\Local\JDownloader 2.0
2021-01-23 21:33 - 2020-12-18 13:09 - 000000000 ____D C:\RAGEMP
2021-01-23 19:57 - 2020-12-11 02:52 - 000000000 ____D C:\Users\****\AppData\Local\Disc_Soft_Ltd
2021-01-22 10:49 - 2020-12-10 18:58 - 000799104 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2021-01-21 23:18 - 2020-12-10 19:36 - 000000000 ____D C:\Users\****\AppData\Local\NVIDIA Corporation
2021-01-21 21:37 - 2020-12-14 16:54 - 000000000 ____D C:\Users\****\OneDrive\Documents\My Games
2021-01-21 17:28 - 2020-12-10 19:00 - 000000000 ____D C:\Program Files (x86)\LightingService
2021-01-21 17:28 - 2020-12-10 18:59 - 000000000 ____D C:\Program Files\ASUS
2021-01-21 17:28 - 2020-12-10 18:57 - 000000000 ____D C:\ProgramData\Package Cache
2021-01-21 17:28 - 2020-12-10 18:57 - 000000000 ____D C:\Program Files (x86)\ASUS
2021-01-19 21:49 - 2020-11-19 00:44 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-19 21:49 - 2020-11-19 00:44 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-19 20:04 - 2020-12-11 00:03 - 000000000 ____D C:\Program Files (x86)\Overwolf
2021-01-19 01:31 - 2020-12-19 17:43 - 000000000 ____D C:\Users\****\AppData\Local\SquirrelTemp
2021-01-18 14:34 - 2020-11-19 00:41 - 000440880 _____ C:\Windows\system32\FNTCACHE.DAT
2021-01-18 14:32 - 2020-12-26 04:08 - 000000000 ____D C:\Program Files\Hyper-V
2021-01-18 14:32 - 2019-12-07 15:49 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-18 14:32 - 2019-12-07 15:49 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-18 14:32 - 2019-12-07 15:49 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-18 14:32 - 2019-12-07 15:45 - 000000000 ____D C:\Windows\system32\Drivers\en-GB
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\F12
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\UNP
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\F12
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\PrintDialog
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Com
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Sysprep
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Dism
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Com
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellExperiences
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellComponents
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Provisioning
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\IME
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-16 20:15 - 2020-12-13 13:15 - 000000000 ____D C:\Users\****\OneDrive\Documents\Rockstar Games
2021-01-16 20:14 - 2020-12-13 13:15 - 000000000 ____D C:\Users\****\AppData\Local\Rockstar Games
2021-01-15 15:58 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2021-01-15 15:56 - 2020-11-19 00:43 - 002877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2021-01-15 15:53 - 2020-12-13 18:08 - 000000000 ____D C:\Windows\system32\MRT
2021-01-15 03:37 - 2020-12-26 04:05 - 000000000 ____D C:\Users\****\.VirtualBox
2021-01-15 02:11 - 2020-12-26 04:05 - 000000000 ____D C:\Users\****\VirtualBox VMs
2021-01-15 01:49 - 2020-12-26 04:05 - 000000000 ____D C:\ProgramData\VirtualBox
2021-01-14 21:51 - 2020-12-13 13:15 - 000000000 ____D C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2021-01-14 19:58 - 2020-12-20 19:45 - 000025342 _____ C:\Users\****\Downloads\verdi.pdf
2021-01-14 16:46 - 2020-12-31 22:07 - 000000000 ____D C:\Users\****\OneDrive\Documents\BeamNG.drive
2021-01-12 00:00 - 2020-12-13 06:02 - 000000000 ____D C:\ProgramData\AMD AutoUpdate
2021-01-11 12:47 - 2020-12-24 15:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-01-10 23:50 - 2020-12-11 02:58 - 000000000 ___RD C:\Users\****\OneDrive
2021-01-10 23:50 - 2020-12-10 20:00 - 000000000 ____D C:\Users\****\OneDrive\Documents\3DMark
2021-01-10 05:52 - 2020-11-19 03:50 - 001499136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vfpext.sys
2021-01-10 05:52 - 2020-11-19 03:50 - 001115448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lxcore.sys
2021-01-10 05:52 - 2020-11-19 03:50 - 000405824 _____ (Microsoft Corporation) C:\Windows\system32\vmprox.dll
2021-01-10 05:52 - 2020-11-19 03:50 - 000392192 _____ (Microsoft Corporation) C:\Windows\system32\vmvpci.dll
2021-01-10 05:52 - 2020-11-19 03:50 - 000320000 _____ (Microsoft Corporation) C:\Windows\system32\vfpctrl.exe
2021-01-10 05:52 - 2020-11-19 03:50 - 000199168 _____ (Microsoft Corporation) C:\Windows\system32\wsl.exe
2021-01-10 05:52 - 2020-11-19 03:50 - 000158208 _____ (Microsoft Corporation) C:\Windows\system32\hnsdiag.exe
2021-01-10 05:52 - 2020-11-19 03:50 - 000122168 _____ (Microsoft Corporation) C:\Windows\system32\vmsifcore.dll
2021-01-10 05:52 - 2020-11-19 03:50 - 000109384 _____ (Microsoft Corporation) C:\Windows\system32\vmwpevents.dll
2021-01-10 05:52 - 2020-11-19 03:50 - 000079360 _____ (Microsoft Corporation) C:\Windows\system32\wslconfig.exe
2021-01-10 05:52 - 2020-11-19 03:50 - 000079168 _____ (Microsoft Corporation) C:\Windows\system32\vmwpctrl.dll
2021-01-10 05:52 - 2020-11-19 03:50 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\bash.exe
2021-01-10 05:52 - 2020-11-19 03:50 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\vfpapi.dll
2021-01-10 05:52 - 2020-11-19 03:50 - 000027960 _____ (Microsoft Corporation) C:\Windows\system32\vmsifproxystub.dll
2021-01-10 05:52 - 2020-11-19 03:49 - 000206152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcivsp.sys
2021-01-10 05:52 - 2020-11-19 03:49 - 000175416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsp.sys
2021-01-10 05:52 - 2019-12-07 10:09 - 000260616 _____ (Microsoft Corporation) C:\Windows\system32\hcsdiag.exe
2021-01-10 05:52 - 2019-12-07 10:09 - 000222008 _____ (Microsoft Corporation) C:\Windows\system32\NetMgmtIF.dll
2021-01-10 05:52 - 2019-12-07 10:09 - 000151352 _____ C:\Windows\system32\nmscrub.exe
2021-01-10 05:52 - 2019-12-07 10:09 - 000142648 _____ (Microsoft Corporation) C:\Windows\system32\nmbind.exe
2021-01-10 05:52 - 2019-12-07 10:09 - 000129336 _____ (Microsoft Corporation) C:\Windows\system32\vmvirtio.dll
2021-01-10 05:52 - 2019-12-07 10:09 - 000123704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbkmclr.sys
2021-01-10 05:52 - 2019-12-07 10:09 - 000107048 _____ (Microsoft Corporation) C:\Windows\system32\p9np.dll
2021-01-10 05:52 - 2019-12-07 10:09 - 000091152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\p9rdr.sys
2021-01-10 05:52 - 2019-12-07 10:09 - 000081208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\p9np.dll
2021-01-10 05:52 - 2019-12-07 10:09 - 000061240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pvhdparser.sys
2021-01-10 05:52 - 2019-12-07 10:09 - 000058888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\l2bridge.sys
2021-01-10 05:52 - 2019-12-07 10:09 - 000049192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdparser.sys
2021-01-10 05:52 - 2019-12-07 10:09 - 000041784 _____ (Microsoft Corporation) C:\Windows\system32\NvAgent.dll
2021-01-10 05:52 - 2019-12-07 10:09 - 000039440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\passthruparser.sys
2021-01-10 05:52 - 2019-12-07 10:09 - 000037112 _____ (Microsoft Corporation) C:\Windows\system32\sbresources.dll
2021-01-10 05:52 - 2019-12-07 10:09 - 000036152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvsocketcontrol.sys
2021-01-10 05:52 - 2019-12-07 10:09 - 000031544 _____ (Microsoft Corporation) C:\Windows\system32\vmcomputeeventlog.dll
2021-01-10 05:52 - 2019-12-07 10:09 - 000027448 _____ (Microsoft Corporation) C:\Windows\system32\VrdUmed.dll
2021-01-10 05:52 - 2019-12-07 10:09 - 000021304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hnswfpdriver.sys
2021-01-10 05:52 - 2019-12-07 10:09 - 000015880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lxss.sys
2021-01-10 05:52 - 2019-12-07 10:09 - 000012816 _____ (Microsoft Corporation) C:\Windows\system32\f989b52d-f928-44a3-9bf1-bf0c1da6a0d6_HyperV-DeviceVirtualization.dll
2021-01-10 05:52 - 2019-12-07 10:09 - 000012600 _____ (Microsoft Corporation) C:\Windows\system32\d4d78066-e6db-44b7-b5cd-2eb82dce620c_HyperV-ComputeLegacy.dll
2021-01-10 05:52 - 2019-12-07 10:09 - 000012600 _____ (Microsoft Corporation) C:\Windows\system32\c4d66f00-b6f0-4439-ac9b-c5ea13fe54d7_HyperV-ComputeCore.dll
2021-01-10 05:52 - 2019-12-07 10:09 - 000012304 _____ (Microsoft Corporation) C:\Windows\system32\07409496-a423-4a3e-b620-2cfb01a9318d_HyperV-ComputeNetwork.dll
2021-01-09 22:05 - 2021-01-01 15:31 - 000000000 ____D C:\ProgramData\NeoFly
2021-01-09 21:45 - 2021-01-01 15:28 - 000000000 ____D C:\Users\****\AppData\Local\Deployment
2021-01-08 22:38 - 2020-12-11 02:50 - 000000000 ____D C:\Windows\Panther
2021-01-08 22:13 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-01-08 22:11 - 2020-12-13 14:12 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-01-08 14:01 - 2020-12-10 19:01 - 000000000 ____D C:\Users\****\AppData\Local\Comms
2021-01-05 17:24 - 2021-01-02 20:44 - 000000000 ____D C:\Users\****\AppData\Local\FlightSimulator
2021-01-03 21:04 - 2020-12-17 22:02 - 000000000 ____D C:\Users\****\OneDrive\Documents\Arma 3

==================== Files in the root of some directories ========

2021-02-02 20:04 - 2021-02-02 20:04 - 000000757 _____ () C:\Users\****\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
         


Old 03.02.2021, 12:16   #3
M-K-D-B
/// TB Trainer

My name is Matthias and I will help you with the analysis and, if necessary, the cleanup of your computer.

You ran MBAM? Then please post the corresponding log file.

Old 03.02.2021, 13:59   #4
Dafot

Hello, thanks for the reply.

Is this what you need?

Code:
9600572DEF9717C1EAB149A367542C70E33907F9DA63E9328399A2D9C123E2D9
{
   "applicationVersion" : "4.3.0.98",
   "chromeSyncResetQueryRequested" : false,
   "chromeSyncResetQueryResult" : false,
   "clientID" : "MbamUI",
   "clientType" : "fullUIScan",
   "componentsUpdatePackageVersion" : "1.0.1157",
   "coreDllFileVersion" : "3.0.0.1103",
   "cpu" : "x64",
   "dbSDKUpdatePackageVersion" : "1.0.36627",
   "detectionDateTime" : "2021-02-02T21:37:11Z",
   "fileSystem" : "NTFS",
   "id" : "cf2631ce-659e-11eb-9587-244bfee0e3a6",
   "isUserAdmin" : true,
   "licenseState" : "trial",
   "linkagePhaseComplete" : true,
   "loggedOnUserName" : "DESKTOP-GVB5PET\\****",
   "machineID" : "",
   "os" : "Windows 10 (Build 19041.746)",
   "schemaVersion" : 18,
   "sourceDetails" : {
      "aggressiveMode" : false,
      "clientMetadata" : {
         "jobId" : "",
         "scheduleId" : "",
         "scheduleTag" : ""
      },
      "ddsigEnabled" : true,
      "filesScannedByIG" : 7,
      "objectsScanned" : 346866,
      "scanEndTime" : "2021-02-02T21:39:33Z",
      "scanOnlineStatus" : "online",
      "scanOptions" : {
         "pumHandling" : "detect",
         "pupHandling" : "detect",
         "scanArchives" : true,
         "scanFileSystem" : true,
         "scanMemoryObjects" : true,
         "scanPUMs" : true,
         "scanPUPs" : true,
         "scanRookits" : false,
         "scanStartupAndRegistry" : true,
         "scanType" : "threat",
         "useHeuristics" : true
      },
      "scanResult" : "completed",
      "scanStartTime" : "2021-02-02T21:37:11Z",
      "scanState" : "completed",
      "shurikenEnabled" : true,
      "type" : "scan"
   },
   "threats" : [
      {
         "ddsSigFileVersion" : "01099226",
         "linkedTraces" : [

         ],
         "mainTrace" : {
            "archiveMember" : "",
            "archiveMemberMD5" : "",
            "cleanAction" : "quarantine",
            "cleanContext" : {
            },
            "cleanResult" : "notStarted",
            "cleanResultErrorCode" : 0,
            "cleanTime" : "",
            "generatedByPostCleanupAction" : false,
            "hubbleRequestErrorCode" : 0,
            "id" : "fd2d067e-659e-11eb-a062-244bfee0e3a6",
            "igExitCode" : "",
            "isPEFile" : true,
            "isPEFileValid" : true,
            "linkType" : "none",
            "objectMD5" : "91FCEA45B122C6581A5725CE34F04C7F",
            "objectPath" : "C:\\$RECYCLE.BIN\\S-1-5-21-629832801-3061168427-1117579530-1001\\$RZND0WV.23\\POLY BRIDGE 2 V1.23.EXE",
            "objectSha256" : "843AAA8076501D2AD8DBA88525640162F4B9BB96312F0937472C75D8543393F1",
            "objectSize" : 1313792,
            "objectType" : "file",
            "resolvedPath" : "C:\\$Recycle.Bin\\S-1-5-21-629832801-3061168427-1117579530-1001\\$RZND0WV.23\\Poly Bridge 2 v1.23.exe",
            "suggestedAction" : {
               "archiveDir" : false,
               "chromeExtensionOther" : false,
               "chromeExtensionPreferences" : false,
               "chromeExtensionSecurePreferences" : false,
               "chromeExtensionSyncData" : false,
               "chromeUrlOther" : false,
               "chromeUrlSecurePreferences" : false,
               "chromeUrlSyncData" : false,
               "chromeUrlWebData" : false,
               "disableHubbleWhiteListing" : true,
               "disableSignatureWhiteListing" : true,
               "fileDelete" : true,
               "fileReplace" : false,
               "fileTxtReplace" : false,
               "folderDelete" : false,
               "isChromeObject" : false,
               "isDDS" : true,
               "isDoppleganging" : false,
               "isExternalDetection" : false,
               "isPUP" : false,
               "isShuriken" : false,
               "isWMIEventConsumer" : false,
               "killProcess" : false,
               "minimalWhiteListing" : false,
               "moduleUnload" : false,
               "noLinking" : false,
               "physicalSectorReplace" : false,
               "priorityHigh" : false,
               "priorityNormal" : false,
               "priorityUrgent" : false,
               "processUnload" : false,
               "regKeyDelete" : false,
               "regValueDelete" : false,
               "regValueReplace" : false,
               "shortcutReplace" : false,
               "silentMode" : false,
               "singleDelete" : false,
               "treatAsRootkit" : false,
               "useDDA" : false,
               "verifyResolvedPath" : true,
               "whitelistCheckError" : false
            },
            "winVerifyTrustResult" : {
               "expectedError" : true,
               "lastErrorCode" : -2146762496,
               "wvtCalled" : true,
               "wvtResult" : -2146762496
            }
         },
         "ruleID" : 901746,
         "ruleString" : "EE3F2D9D962F6475FE8ED801",
         "rulesVersion" : "1.0.36627",
         "srcEngineComponent" : "dds",
         "srcEngineThreatNames" : [
            "Malware.AI.4270774273",
            "Malware.Heuristic.1001"
         ],
         "threatID" : 74,
         "threatName" : "Trojan.Crypt"
      },
      {
         "ddsSigFileVersion" : "01099226",
         "linkedTraces" : [
         ],
      }
   ],
   "threatsDetected" : 1
}
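
Added example, not part of the original post and not Malwarebytes code: a Python sketch that triages a report like the one above, including the leading checksum line and the truncated second `threats` entry that make it invalid JSON as posted. The sample is abridged from that report; field meanings are inferred from the field names, and the trailing-comma repair assumes no `,}` or `,]` sequence occurs inside a string value.

```python
import json
import re

# Sample abridged from the report posted above (not the full file). As posted,
# it starts with a checksum line and ends with a truncated second "threats"
# entry, so it is not valid JSON until repaired.
SAMPLE_REPORT = r'''9600572DEF9717C1EAB149A367542C70E33907F9DA63E9328399A2D9C123E2D9
{
   "detectionDateTime" : "2021-02-02T21:37:11Z",
   "threats" : [
      {
         "linkedTraces" : [
         ],
         "mainTrace" : {
            "cleanAction" : "quarantine",
            "cleanResult" : "notStarted",
            "objectMD5" : "91FCEA45B122C6581A5725CE34F04C7F",
            "objectSha256" : "843AAA8076501D2AD8DBA88525640162F4B9BB96312F0937472C75D8543393F1",
            "resolvedPath" : "C:\\$Recycle.Bin\\S-1-5-21-629832801-3061168427-1117579530-1001\\$RZND0WV.23\\Poly Bridge 2 v1.23.exe",
            "winVerifyTrustResult" : {
               "wvtCalled" : true,
               "wvtResult" : -2146762496
            }
         },
         "srcEngineThreatNames" : [
            "Malware.AI.4270774273",
            "Malware.Heuristic.1001"
         ],
         "threatName" : "Trojan.Crypt"
      },
      {
         "ddsSigFileVersion" : "01099226",
         "linkedTraces" : [
         ],
      }
   ],
   "threatsDetected" : 1
}
'''

# WinVerifyTrust HRESULTs a triager meets most often (values from winerror.h).
TRUST_ERRORS = {
    0x800B0100: "TRUST_E_NOSIGNATURE",
    0x80096010: "TRUST_E_BAD_DIGEST",
    0x800B0109: "CERT_E_UNTRUSTEDROOT",
    0x800B0101: "CERT_E_EXPIRED",
}

# Simplified repair: drop a comma that directly precedes a closing } or ].
TRAILING_COMMA = re.compile(r",(\s*[}\]])")


def load_report(text):
    """Return (checksum_line, parsed_json); tolerate trailing commas."""
    stripped = text.lstrip()
    first, _, rest = stripped.partition("\n")
    if first.startswith("{"):
        checksum, body = None, stripped
    else:
        checksum, body = first.strip(), rest
    try:
        return checksum, json.loads(body)
    except json.JSONDecodeError:
        return checksum, json.loads(TRAILING_COMMA.sub(r"\1", body))


def describe_trust(code):
    """Render the signed 32-bit wvtResult as an unsigned HRESULT with its name."""
    if code is None:
        return "not checked"
    if code == 0:
        return "0x00000000 signature verified"
    value = code & 0xFFFFFFFF
    return f"0x{value:08X} {TRUST_ERRORS.get(value, 'unknown')}"


def summarize(report):
    """Collect the fields worth reading first; count entries without a trace."""
    findings, stubs = [], 0
    for threat in report.get("threats", []):
        trace = threat.get("mainTrace")
        if not trace:
            stubs += 1  # truncated or empty entry, nothing to act on
            continue
        path = trace.get("resolvedPath") or trace.get("objectPath") or ""
        wvt = trace.get("winVerifyTrustResult", {}).get("wvtResult")
        findings.append({
            "name": threat.get("threatName"),
            "engine_names": threat.get("srcEngineThreatNames", []),
            "path": path,
            "sha256": (trace.get("objectSha256") or "").lower(),  # lookup form
            "in_recycle_bin": "\\$recycle.bin\\" in path.lower(),
            "clean_result": trace.get("cleanResult"),
            "signature": describe_trust(wvt),
        })
    return {
        "findings": findings,
        "stub_entries": stubs,
        "count_matches": len(findings) == report.get("threatsDetected"),
    }


if __name__ == "__main__":
    _, parsed = load_report(SAMPLE_REPORT)
    print(json.dumps(summarize(parsed), indent=2))
```

A `clean_result` of `notStarted` together with `in_recycle_bin` means the detected file was still present on disk when the report was written.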
         

Old 03.02.2021, 14:44   #5
M-K-D-B
/// TB Trainer

That is sufficient too, thanks.



Quote:
Node.js (HKLM\...\{7667E0D6-09E5-4146-94B0-F8918EC5A692}) (Version: 15.4.0 - Node.js Foundation)
What do you need this software for?


Quote:
qBittorrent 4.3.3 (HKLM-x32\...\qBittorrent) (Version: 4.3.3 - The qBittorrent project)
Malware is often distributed via various torrent systems. You should think carefully about whether to keep using something like this, especially since with software of this kind you very quickly end up in illegal territory. Or is this information new to you?


Quote:
2021-02-02 22:49 - 2021-02-02 22:50 - 000000000 ____D C:\AdwCleaner
You also ran AdwCleaner. You don't want to post the log file?



Step 1
  • Save your work and close all open programs so that no data is lost.
  • Copy the entire contents of the following code box:
    Code:
    Start::
    CloseProcesses:
    C:\Users\AllUserName\Downloads\Poly Bridge 2 v1.23
    C:\Users\AllUserName\Downloads\Poly.Bridge.2.v1.23.rar
    C:\ProgramData\krosqm.txt
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state ON
    CMD: Bitsadmin /Reset /Allusers
    powershell: Set-MpPreference -PUAProtection Enabled
    powershell: Set-MpPreference -DisableScanningNetworkFiles 0
    Hosts:
    RemoveProxy:
    SystemRestore: On 
    EmptyTemp:
    End::
             
  • Now start FRST and click the "Reparieren" (Fix) button right away.
    Important: You do not need to paste the contents of the code box anywhere, because FRST takes the code from the clipboard!
  • The tool carries out the requested steps and creates a fixlog.txt in the same directory as FRST.
  • Your computer may need to be restarted.
  • Post the contents of fixlog.txt in your next reply.



Step 2
  • Start FRST again. Make sure the box next to Addition.txt is ticked and press "Untersuchen" (Scan).
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files in your next reply.



Please post with your next reply:
  • the answers to the questions asked
  • the log file of the FRST fix (fixlog.txt)
  • the two new FRST log files (FRST.txt and Addition.txt)


Old 03.02.2021, 15:53   #6
Dafot

Unfortunately I'm too dumb to quote.

What do you need this software for?

I need Node.js for development in TypeScript/JavaScript.

Malware is often distributed via various torrent systems. You should think carefully about whether to keep using something like this, especially since with software of this kind you very quickly end up in illegal territory. Or is this information new to you?

No, that is not new information; in fact I mostly use torrents for downloading system images (ISO files), where torrents are generally more practical because there are no download errors (yes, it is the same as comparing the hash of the download, but you don't always get the hash from the uploader).

You also ran AdwCleaner. You don't want to post the log file?

Sorry, I forgot.

Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.0.9.1
# -------------------------------
# Build:    01-20-2021
# Database: 2021-01-11.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    02-02-2021
# Duration: 00:00:15
# OS:       Windows 10 Pro
# Scanned:  31956
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
         

fixlog.txt
Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 03-02-2021
Ran by **** (03-02-2021 15:35:25) Run:1
Running from C:\Users\****\OneDrive\Desktop
Loaded Profiles: ****
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
C:\Users\****\Downloads\Poly Bridge 2 v1.23
C:\Users\Default\Downloads\Poly Bridge 2 v1.23
C:\Users\****\Downloads\Poly.Bridge.2.v1.23.rar
C:\Users\Default\Downloads\Poly.Bridge.2.v1.23.rar
C:\ProgramData\krosqm.txt
CMD: ipconfig /flushdns
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: Bitsadmin /Reset /Allusers
powershell: Set-MpPreference -PUAProtection Enabled
powershell: Set-MpPreference -DisableScanningNetworkFiles 0
Hosts:
RemoveProxy:
SystemRestore: On 
EmptyTemp:

*****************

Processes closed successfully.
"C:\Users\****\Downloads\Poly Bridge 2 v1.23" => not found
"C:\Users\Default\Downloads\Poly Bridge 2 v1.23" => not found
C:\Users\****\Downloads\Poly.Bridge.2.v1.23.rar => moved successfully
"C:\Users\Default\Downloads\Poly.Bridge.2.v1.23.rar" => not found
C:\ProgramData\krosqm.txt => moved successfully

========= ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Auflösungscache wurde geleert.

========= End of CMD: =========


========= netsh winsock reset =========


Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.


========= End of CMD: =========


========= netsh advfirewall reset =========

OK.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

OK.


========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

{1ED14D3D-4595-4152-BAEA-9550F051DBCA} canceled.
{A254A23E-5760-410D-BE54-BEA19654CEA1} canceled.
2 out of 2 jobs canceled.

========= End of CMD: =========


========= Set-MpPreference -PUAProtection Enabled =========

Set-MpPreference : Es ist ein allgemeiner Fehler aufgetreten, für den kein spezifischerer Fehlercode verfügbar ist.
In C:\FRST\tmp.ps1:1 Zeichen:1
+ Set-MpPreference -PUAProtection Enabled
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference],  
   CimException
    + FullyQualifiedErrorId : HRESULT 0x800106ba,Set-MpPreference
 

========= End of Powershell: =========


========= Set-MpPreference -DisableScanningNetworkFiles 0 =========

Set-MpPreference : Es ist ein allgemeiner Fehler aufgetreten, für den kein spezifischerer Fehlercode verfügbar ist.
In C:\FRST\tmp.ps1:1 Zeichen:1
+ Set-MpPreference -DisableScanningNetworkFiles 0
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference],  
   CimException
    + FullyQualifiedErrorId : HRESULT 0x800106ba,Set-MpPreference
 

========= End of Powershell: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-629832801-3061168427-1117579530-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-629832801-3061168427-1117579530-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

SystemRestore: On => completed

=========== EmptyTemp: ==========

BITS transfer queue => 9461760 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 39109690 B
Java, Flash, Steam htmlcache => 94518319 B
Windows/system/drivers => 24183840 B
Edge => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 432 B
LocalService => 29058 B
NetworkService => 179650 B
**** => 997633719 B

RecycleBin => 11753594255 B
EmptyTemp: => 12 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:38:21 ====
         
After that, a restart was performed.

Addition.txt
[CODE]
Sir.FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-02-2021
Ran by *** (03-02-2021 15:44:40)
Running from C:\Users\***\Desktop\Logs
Windows 10 Pro Version 20H2 19042.746 (X64) (2020-12-11 01:52:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-629832801-3061168427-1117579530-500 - Administrator - Disabled)
*** (S-1-5-21-629832801-3061168427-1117579530-1001 - Administrator - Enabled) => C:\Users\***
DefaultAccount (S-1-5-21-629832801-3061168427-1117579530-503 - Limited - Disabled)
Guest (S-1-5-21-629832801-3061168427-1117579530-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-629832801-3061168427-1117579530-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AI Noise-Canceling Microphone (HKLM\...\AI Noise-Canceling Microphone) (Version: 1.0.1.9 - ASUSTek Computer Inc.)
AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 3.00.59 - ASUSTeK Computer Inc.)
Amazon WorkSpaces (HKLM-x32\...\{6DDE53C5-D069-4273-9770-F9B013FB381E}) (Version: 3.1.2.1844 - Amazon Web Services, Inc)
AMD Ryzen Master (HKLM\...\AMD Ryzen Master) (Version: 2.6.0.1702 - Advanced Micro Devices, Inc.)
Anaconda3 2020.11 (Python 3.8.5 64-bit) (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Anaconda3 2020.11 (Python 3.8.5 64-bit)) (Version: 2020.11 - Anaconda, Inc.)
ARMOURY CRATE Lite Service (HKLM\...\{EF3944FF-2501-4568-B15C-5701E726719E}) (Version: 3.3.7 - ASUS)
Assassin's Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version:  - Ubisoft)
Assassin's Creed Origins (HKLM-x32\...\Uplay Install 3539) (Version:  - Ubisoft)
ASUS AIOFan HAL (HKLM\...\{EAE80DED-1A39-41C5-9F60-87CC947F6454}) (Version: 1.1.15.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AIOFan HAL (HKLM-x32\...\{c6059da6-7c2c-4aff-99e6-a524262404ad}) (Version: 1.1.15.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM\...\{2C39FF80-1BB2-42C5-A58D-DC90EFF048F6}) (Version: 1.0.24 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM-x32\...\{a75323e1-f1a4-4aff-a7ce-3858cbc1c0d2}) (Version: 1.0.24 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM\...\{D800D836-DE15-4B00-8273-521F022CD837}) (Version: 1.0.69.0 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM-x32\...\{1ed19b57-ef0e-474d-946f-aac911f8b0e3}) (Version: 1.0.69.0 - ASUSTeK COMPUTER INC.) Hidden
ASUS Aura SDK (HKLM\...\{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.04.03 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA VGA Component (HKLM\...\{71BB96A6-EAC4-45AE-A17D-D3ED43FF1D14}) (Version: 0.0.3.0 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA VGA Component (HKLM-x32\...\{4e2ab86c-b539-4b1d-bacd-a434371143fb}) (Version: 0.0.3.0 - ASUSTek COMPUTER INC. ) Hidden
ASUS Framework Service (HKLM-x32\...\{161cc9f2-e50c-4561-a999-15cf3133a1d3}) (Version: 2.0.1.3 - ASUSTek COMPUTER INC.)
ASUS Framework Service (HKLM-x32\...\{EA6A87BE-8AD3-40D2-944C-9DF5FBFF4332}) (Version: 2.0.1.3 - ASUSTek COMPUTER INC.) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{3507c756-a80f-4b0e-8475-975d8b432176}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{5960FD0F-BB3B-49AF-B175-F77DC91E995A}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS GPU TweakII (HKLM-x32\...\{2914BAB6-CA16-4B5A-BF41-2466656C7040}) (Version: 2.2.7.0 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU TweakII (HKLM-x32\...\InstallShield_{2914BAB6-CA16-4B5A-BF41-2466656C7040}) (Version: 2.2.7.0 - ASUSTek COMPUTER INC.)
ASUS Motherboard (HKLM-x32\...\{93795eb8-bd86-4d4d-ab27-ff80f9467b37}) (Version: 1.04.21 - ASUSTek Computer Inc.)
ASUS Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.107.39 - ASUSTeK Computer Inc.) Hidden
Audacity 2.4.2 (HKLM-x32\...\Audacity_is1) (Version: 2.4.2 - Audacity Team)
AURA DRAM Component (HKLM\...\{3881F403-B6B7-4D2F-BDAC-7901EB677F52}) (Version: 1.0.54 - ASUS) Hidden
AURA DRAM Component (HKLM-x32\...\{db73e7a9-d4ff-4857-a29c-4f6414eb8aca}) (Version: 1.0.54 - ASUS) Hidden
AURA lighting effect add-on (HKLM-x32\...\{1E2EA04B-FCA7-457E-B6F4-F33E1858E859}) (Version: 0.0.14 - ASUS)
AURA lighting effect add-on x64 (HKLM\...\{C5A4A164-4428-4931-B728-96EEF0FA3C44}) (Version: 0.0.14 - ASUS)
AURA Service (HKLM-x32\...\{0E536061-3B55-4D45-BF58-0BDA261C94B0}) (Version: 3.04.32 - ASUSTeK Computer Inc.) Hidden
AURA Service (HKLM-x32\...\{1dd27167-f40c-47db-9e8f-b2f5d210f173}) (Version: 3.04.32 - ASUSTeK Computer Inc.)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.8.2.48475 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Battlestate Games Launcher 10.4.4.1239 (HKLM-x32\...\{B0FDA062-7581-4D67-B085-C4E7C358037F}_is1) (Version: 10.4.4.1239 - Battlestate Games)
BeamMP Launcher (HKLM\...\{0D8B7A7C-5EA7-41FF-8736-FEF9CF648661}) (Version: 1.80.5 - BeamMP) Hidden
BeamMP Launcher (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\BeamMP Launcher 1.80.5) (Version: 1.80.5 - BeamMP)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{0243F145-076D-423A-8F77-218DC8840261}) (Version: 4.8.04119 - Microsoft Corporation) Hidden
Core Temp 1.16 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.16 - ALCPU)
CORSAIR iCUE Software (HKLM-x32\...\{74AF4222-AABF-462F-B0CC-59A4BF827F8C}) (Version: 3.36.125 - Corsair)
CPUID HWMonitor 1.43 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.43 - CPUID, Inc.)
CPUID ROG CPU-Z 1.93 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.93 - CPUID, Inc.)
CrystalDiskMark 7.0.0h (HKLM\...\CrystalDiskMark7_is1) (Version: 7.0.0h - Crystal Dew World)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.13.0.1387 - Disc Soft Ltd)
Dashlane (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Dashlane) (Version: 6.2103.0.42861 - Dashlane, Inc.)
DB Browser for SQLite (HKLM\...\{05578DF5-8497-4177-970D-702309C5D897}) (Version: 3.12.1 - DB Browser for SQLite Team)
DiagnosticsHub_CollectionService (HKLM\...\{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Docker Desktop (HKLM\...\Docker Desktop) (Version: 3.1.0 - Docker Inc.)
ENE IO Driver (HKLM-x32\...\{D0512FFD-6194-4D2E-967E-25B82A3322FF}) (Version: 3.3.0 - ENE TECHNOLOGY INC.) Hidden
ENE RGB HAL (HKLM\...\{E050E98C-5524-4AFB-9E53-97700BEF2C02}) (Version: 1.1.28.0 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{d22b5310-9f1e-43a8-8547-58fa44742994}) (Version: 1.1.28.0 - Ene Tech.) Hidden
Entity Framework 6.2.0 Tools  for Visual Studio 2019 (HKLM-x32\...\{7C2070BF-8E07-4B5F-A182-FADB0B95AB39}) (Version: 6.2.0.0 - Microsoft Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{07D9F8F3-EC99-4133-919D-DA341C62937C}) (Version: 1.1.298.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Escape from Tarkov (HKLM-x32\...\EscapeFromTarkov) (Version: 0.12.9.10519 - Battlestate Games)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Excel (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
Folding@home (HKLM-x32\...\FAHClient) (Version: 7.6.21 - Folding@home.org)
FTB App (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Overwolf_cmogmmciplgmocnhikmphehmeecmpaggknkjlbag) (Version: 1.0.12 - Overwolf app)
Futuremark SystemInfo (HKLM-x32\...\{F608ED5F-3818-4F87-A277-E52E8790C039}) (Version: 5.35.871.0 - Futuremark)
Git version 2.29.2.3 (HKLM\...\Git_is1) (Version: 2.29.2.3 - The Git Development Community)
Google Earth Pro (HKLM\...\{FB8010D4-05F4-420D-8DFC-2F911A6DD100}) (Version: 7.3.3.7786 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: 1.0.2189.0 - Rockstar Games)
HexChat (HKLM\...\HexChat_is1) (Version: 2.14.3 - HexChat)
Hitman 3 (HKLM-x32\...\Hitman 3_is1) (Version:  - )
HxD Hex Editor 2.4 (HKLM\...\HxD_is1) (Version: 2.4 - Maël Hörz)
icecap_collection_neutral (HKLM-x32\...\{7C703135-98AC-4EB9-86C0-0C3169C99649}) (Version: 16.8.30509 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{7C914878-C64B-4CA6-8E41-91308877A586}) (Version: 16.8.30509 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{C28C9D95-66E3-48A9-8CC4-A517661DD132}) (Version: 16.8.30607 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{D3B94F9C-CBFC-4571-B30B-7665B3A9DB4F}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{10764165-E41B-4A08-B2B0-950EA48A27AC}) (Version: 19.0.281 - Intel Corporation)
IntelliTraceProfilerProxy (HKLM-x32\...\{7D94CF67-6666-4111-B027-D7AB7F189F70}) (Version: 15.0.18198.01 - Microsoft Corporation) Hidden
Java 8 Update 271 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kingston AURA DRAM Component (HKLM\...\{6D2D2DAF-BFE4-45A6-BF40-8A9F7FF54F42}) (Version: 1.0.28 - KINGSTON COMPONENTS INC.) Hidden
Kingston AURA DRAM Component (HKLM-x32\...\{511a62a9-1ff0-4cc5-adfe-4a5bd044a3c0}) (Version: 1.0.28 - KINGSTON COMPONENTS INC.) Hidden
Kumulatives Microsoft .NET Framework Intellisense Pack für Visual Studio (Deutsch) (HKLM-x32\...\{E1F68FC9-F23C-4F44-8092-CAC55E43A80B}) (Version: 4.8.03761 - Microsoft Corporation) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lily (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Lily) (Version:  - )
LogMeIn Hamachi (HKLM-x32\...\{ECC0FA07-863E-44BC-8B1D-DA22F96E5FB7}) (Version: 2.2.0.633 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.633 - LogMeIn, Inc.)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft .NET SDK 5.0.101 (x64) from Visual Studio (HKLM\...\{D623A466-38A7-4E39-9D69-7B07951D3406}) (Version: 5.1.120.60105 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.56 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.71 - )
Microsoft Office Professional Plus 2016 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 16.0.13628.20274 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29325 (HKLM-x32\...\{33628a12-6787-4b9f-95a1-92449f69fae0}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.26.28720 (HKLM-x32\...\{86380aef-fd23-4fc3-8723-a98ccad8f2c6}) (Version: 14.26.28720.3 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.52.1 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 2.8.3077.1211 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2019 CTP2.2 (HKLM\...\{0AF3B52A-F38D-4D63-9F72-73623C601CD9}) (Version: 15.0.1200.24 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2019 CTP2.2 (HKLM-x32\...\{BF16A1DB-06A6-4A8E-B7A8-61F1F9C9FBA3}) (Version: 15.0.1200.24 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{27B34E47-68AE-4802-822A-9F0C187AF84A}) (Version: 1.0.0.0 - Mojang)
MySQL Connector Net 8.0.22 (HKLM-x32\...\{F7CB561A-E6E8-4B53-887B-DE2215BCA4C4}) (Version: 8.0.22 - Oracle)
NeoFly (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\2eedfbc2cc1a251c) (Version: 2.33.0.4 - NeoFly)
Node.js (HKLM\...\{7667E0D6-09E5-4146-94B0-F8918EC5A692}) (Version: 15.4.0 - Node.js Foundation)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Grafiktreiber 460.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 460.89 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA USBC Driver 1.46.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera GX Stable 72.0.3815.487 (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Opera GX 72.0.3815.487) (Version: 72.0.3815.487 - Opera Software)
Oracle VM VirtualBox 6.1.16 (HKLM\...\{6BC7BBCE-9202-4698-B866-F02AACB838C7}) (Version: 6.1.16 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.91.46291 - Electronic Arts, Inc.)
Outlook (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.162.0.13 - Overwolf Ltd.)
Overwolf.Setup.VC100CRTx64.Dist (HKLM\...\{EC9D5554-6852-4A55-81BB-AC02C7A8CFED}) (Version: 1.0.0 - Overwolf)
Overwolf.Setup.VC100CRTx86.Dist (HKLM-x32\...\{8989DBC1-E87B-448F-9147-57EEEC5A24A5}) (Version: 1.0.0 - Overwolf) Hidden
Paket zur Festlegung von Zielversionen von Microsoft .NET Framework 4.7.2 (Deutsch) (HKLM-x32\...\{98FE7C2A-22A4-401A-B45B-2AA107C06DD7}) (Version: 4.7.03062 - Microsoft Corporation) Hidden
Paradox Launcher v2 (HKLM\...\{A8D4AE16-519B-409D-B5B4-2647C06805AD}) (Version: 2.0.3.0 - Paradox Interactive)
Patriot Viper DRAM RGB (HKLM\...\{1F9C282E-CCB4-4D8E-A5CB-7B74DFCD8C95}) (Version: 1.0.9.1 - Patriot Memory) Hidden
Patriot Viper DRAM RGB (HKLM-x32\...\{e38442c0-a433-48c2-84e2-51ac0b30c3ab}) (Version: 1.0.9.1 - Patriot Memory)
Patriot Viper M2 SSD RGB (HKLM\...\{8B4C0A3D-C135-4E1F-98D8-3926494B4D61}) (Version: 1.0.6.3 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM-x32\...\{8839fbd5-69f9-41c5-a1cf-cdfbec966d66}) (Version: 1.0.6.3 - Patriot Memory)
PDF24 Creator 10.0.7 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: 10.0.7 - PDF24.org)
PHISON HAL (HKLM\...\{966E33F0-6786-4B38-AA29-C1B3F6C1955D}) (Version: 1.0.6.0 - PHISON Electronics Corp.) Hidden
PHISON HAL (HKLM-x32\...\{c8f7044c-7f48-404a-9a5d-9f038f28a789}) (Version: 1.0.6.0 - PHISON Electronics Corp.) Hidden
PowerPoint (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
qBittorrent 4.3.3 (HKLM-x32\...\qBittorrent) (Version: 4.3.3 - The qBittorrent project)
RAGE Multiplayer (HKLM-x32\...\RAGE Multiplayer) (Version: 0.0.1.1 - )
RamCache III (HKLM-x32\...\RamCache III) (Version: 1.01.08 - ASUSTeKcomputer Inc)
Red Dead Redemption 2 (HKLM-x32\...\Red Dead Redemption 2) (Version: 1.0.1355.18 - Rockstar Games)
REDlauncher (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version:  - GOG.com)
RetroArch 1.9.0 (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\RetroArch) (Version: 1.9.0 - libretro)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.33.319 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.7.5 - Rockstar Games)
ROG Live Service (HKLM-x32\...\{2D87BFB6-C184-4A59-9BBE-3E20CE797631}) (Version: 1.1.16.0 - ASUSTek COMPUTER INC.)
Sandboxie 5.46.5 (64-bit) (HKLM\...\Sandboxie) (Version: 5.46.5 - sandboxie-plus.com)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.6 - TeamSpeak Systems GmbH)
The Alchemyst Tale version 0.9.2a (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\{ED583D84-DF75-4411-80DB-7FE5AD2F07F7}_is1) (Version: 0.9.2a - Night Games)
Twine 2.3.9 (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\09757d2a-5a16-578f-a64f-297ed0213ec0) (Version: 2.3.9 - Chris Klimas)
TyperSolver (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\TyperSolver) (Version: 2.1.2 - ProTypers)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 118.0.10358 - Ubisoft)
UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden
Universal Holtek RGB DRAM (HKLM\...\{826388E4-E31F-4514-948B-3BB954FB3EAF}) (Version: 1.0.0.1 - PD) Hidden
Universal Holtek RGB DRAM (HKLM-x32\...\{68fb2ff9-0618-4948-b68f-9f95e5687067}) (Version: 1.0.0.1 - PD)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{21928C37-911F-4FC7-936F-720AB8739C0E}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Visual Studio Community 2019 (HKLM-x32\...\00cf5edf) (Version: 16.8.30804.86 - Microsoft Corporation)
VS Immersive Activate Helper (HKLM-x32\...\{A71406B5-E487-4B01-8E59-D466841350F5}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{C7E8A4F2-EF09-42A8-B892-69D5ED99D965}) (Version: 16.0.102.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{B5E3A3E1-1529-4D5A-9E95-34971FA07825}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{78696386-A4B6-4F69-B558-2667CD3A579D}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{271F1F42-B547-4498-825F-590DBB1774F7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{30D97A69-3C0F-4552-9A72-60E591B210C7}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{DEB11EB7-B61A-4883-8CB0-99013A4873AB}) (Version: 16.8.30608 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{A90E107F-D024-4EEC-A6F4-9E2858B4E506}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{AD0C92A4-1514-4BC1-A723-A272A8343924}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{E9439DB7-BF01-4820-8CB1-80957150AB86}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{8990F1B6-F880-4E73-A2D9-7A611F4C38A1}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{3C4B2ED3-2296-4203-A420-AC042BE8484D}) (Version: 16.8.30509 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{27B16914-BC5D-4018-8074-071262A27F6D}) (Version: 16.2.28917 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{08AF5DA9-F3BD-4B59-8D99-C47CC4D53CAD}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6013F369-D916-4C44-A79F-B1A35AEDAEBB}) (Version: 16.8.30530 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{E1FD1D9D-0611-4DE5-826F-37FAC17706AC}) (Version: 16.8.30615 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{E208E682-50EE-4F2F-9860-C91B906B8A03}) (Version: 16.0.28329 - Microsoft Corporation) Hidden
vs_vswebprotocolselectormsi (HKLM-x32\...\{BEEB2E56-91DB-4AFB-AC88-8E98B18DD889}) (Version: 16.8.30509 - Microsoft Corporation) Hidden
vs_vswebprotocolselectormsires (HKLM-x32\...\{0F772F74-D1D4-4D63-B37D-FBBC3D9581C7}) (Version: 16.8.30509 - Microsoft Corporation) Hidden
War Thunder Launcher 1.0.3.260 (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Network)
WD_BLACK AN1500 (HKLM\...\{085E2365-0A70-4230-B664-02D5E4FE7E9C}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WD_BLACK AN1500 (HKLM-x32\...\{9c94735f-73fd-4b0f-9ddb-8be7b3cc4681}) (Version: 1.0.12.0 - ENE TECHNOLOGY INC.) Hidden
WeMod (HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\WeMod) (Version: 6.3.12 - WeMod)
WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)
XAMPP (HKLM\...\xampp) (Version: 8.0.0-2 - Bitnami)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.5) (Version: 1.3.5 - Xvid Team)

Packages:
=========
ARMOURY CRATE -> C:\Program Files\WindowsApps\B9ECED6F.ArmouryCrate_3.3.7.0_x64__qmba6cd70vzyy [2021-01-21] (ASUSTeK COMPUTER INC.)
Bridge Constructor Portal -> C:\Program Files\WindowsApps\HeadupGames.BridgeConstructorPortal_5.0.173.2_x64__zedvb25zy7eke [2021-02-02] (Headup Games)
Control PCGP -> C:\Program Files\WindowsApps\505GAMESS.P.A.ControlPCGP_1.0.5.0_x64__tefn33qh9azfc [2021-01-22] (505 GAMES S.P.A.)
Kali Linux -> C:\Program Files\WindowsApps\KaliLinux.54290C8133FEE_1.6.0.0_x64__ey8k8hqnwqnmg [2021-01-15] (Kali Linux)
Microsoft Flight Simulator -> C:\Program Files\WindowsApps\Microsoft.FlightSimulator_1.12.13.0_x64__8wekyb3d8bbwe [2020-12-23] (Microsoft Studios)
Microsoft Flight Simulator Digital Ownership -> C:\Program Files\WindowsApps\Microsoft.DigitalOwnership_1.0.1.0_x64__8wekyb3d8bbwe [2020-12-11] (Microsoft Studios)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-01-30] (Microsoft Studios) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.37.4322.0_x64__8wekyb3d8bbwe [2021-02-03] (Microsoft Corporation) [Startup Task]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.21057.0_x64__8wekyb3d8bbwe [2021-02-03] (Microsoft Studios)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-01-21] (NVIDIA Corp.)
Python 3.9 -> C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.9_3.9.496.0_x64__qbz5n2kfra8p0 [2020-12-26] (Python Software Foundation)
Sea of Thieves -> C:\Program Files\WindowsApps\Microsoft.SeaofThieves_2.98.921.2_x64__8wekyb3d8bbwe [2021-01-30] (ms-resource:PublisherDisplayName)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.151.382.0_x86__zpdnekdrzrea0 [2021-01-30] (Spotify AB) [Startup Task]
Ubuntu -> C:\Program Files\WindowsApps\CanonicalGroupLimited.UbuntuonWindows_2004.2020.812.0_x64__79rhkp1fndgsc [2021-01-31] (Canonical Group Limited)
Word -> C:\Program Files\WindowsApps\word.office.com-CECA1A7F_1.0.0.0_neutral__jc2kecmnkxwqc [2021-02-01] (word.office.com)
XING -> C:\Program Files\WindowsApps\XINGAG.XING_4.0.7.0_x86__xpfg3f7e9an52 [2021-01-21] (New Work SE)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-12-10] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-12-10] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-02] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a51067c0ac557884\nvshext.dll [2020-12-12] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-02] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\system32\xvidvfw.dll [251392 2017-12-08] () [File not signed]
HKLM\...\Drivers32: [msacm.l3acm] => C:\Windows\SysWOW64\l3codecp.acm [189440 2019-12-07] (Microsoft Windows -> Fraunhofer Institut Integrierte Schaltungen IIS)
HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [235520 2017-12-08] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf
ShortcutWithArgument: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Anaconda Prompt (anaconda3).lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\Users\***\anaconda3\Scripts\activate.bat C:\Users\***\anaconda3
ShortcutWithArgument: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Anaconda Prompt (anaconda32).lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\Users\***\anaconda32\Scripts\activate.bat C:\Users\***\anaconda32
ShortcutWithArgument: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\cf42999f6561ff23\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi --app-url=hxxps://word.office.com/

==================== Loaded Modules (Whitelisted) =============

2020-07-08 18:42 - 2020-07-08 18:42 - 000477696 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ffi-napi\prebuilds\win32-ia32\node.napi.node
2020-07-08 18:42 - 2020-07-08 18:42 - 000471040 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ref-napi\prebuilds\win32-ia32\node.napi.node
2020-07-14 18:16 - 2020-07-14 18:16 - 000454656 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\registry-js\prebuilds\win32-ia32\node.napi.node
2020-12-10 23:51 - 2020-01-08 13:33 - 000147456 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2020-12-11 00:03 - 2020-02-11 16:02 - 000884224 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2020-12-11 00:03 - 2020-02-11 16:02 - 000999936 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2020-12-11 00:03 - 2020-02-11 16:02 - 000987648 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2020-12-11 00:03 - 2020-02-11 16:02 - 000950784 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2020-12-11 00:03 - 2020-02-11 16:02 - 001667584 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\EPU.dll
2020-12-11 00:03 - 2020-02-20 10:02 - 001063424 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\FanInfofromProtocol.dll
2020-12-10 23:51 - 2020-03-31 10:32 - 001164800 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2020-12-10 23:51 - 2020-03-31 10:31 - 005844612 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzULIB.dll
2020-12-10 23:51 - 2019-05-13 17:44 - 000208896 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\ImageHelper.dll
2020-12-10 23:51 - 2019-05-13 17:44 - 000681984 _____ () [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\UIImprovmentHelper.dll
2020-12-10 18:59 - 2019-12-23 19:51 - 000093184 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\zlibwapi.dll
2020-12-10 18:59 - 2019-06-26 17:07 - 000094208 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\MacroControl.dll
2020-04-22 16:35 - 2020-04-22 16:35 - 000081920 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\WindowID\WindowID.dll
2020-12-10 23:51 - 2020-02-11 16:02 - 006065152 _____ () [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.86\libprotobufd.dll
2019-11-20 16:38 - 2019-11-20 16:38 - 000412160 _____ () [File not signed] C:\Program Files (x86)\ASUS\GPU TweakII\CPUPackageTempDLL.dll
2020-12-10 23:51 - 2020-02-11 16:05 - 000069632 _____ () [File not signed] C:\Program Files (x86)\ASUS\VGA COM\2.00.05\Exeio.dll
2020-11-23 18:42 - 2020-11-23 18:42 - 000356352 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ActionsConverters.dll
2020-11-23 18:04 - 2020-11-23 18:04 - 000759808 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LegacyCommands.dll
2020-11-23 18:04 - 2020-11-23 18:04 - 000743936 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\LegacyNotifications.dll
2020-11-23 18:03 - 2020-11-23 18:03 - 000658944 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\MobileProto.dll
2020-11-23 18:04 - 2020-11-23 18:04 - 000203776 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\ModelHelpers.dll
2020-11-23 18:03 - 2020-11-23 18:03 - 000209408 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\quazip.dll
2020-11-23 18:02 - 2020-11-23 18:02 - 000101376 _____ () [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\zlib.dll
2019-04-09 09:21 - 2019-04-09 09:21 - 000018432 _____ () [File not signed] C:\Program Files\TeamSpeak 3 Client\libEGL.DLL
2019-04-09 09:21 - 2019-04-09 09:21 - 003572224 _____ () [File not signed] C:\Program Files\TeamSpeak 3 Client\libGLESv2.dll
2020-12-10 19:11 - 2020-12-10 19:11 - 000157696 _____ () [File not signed] C:\Users\***\AppData\Roaming\TS3Client\plugins\gamepad_joystick_win64.dll
2020-05-26 18:08 - 2020-05-26 18:08 - 002831360 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\LightingService\log4cxx.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 000108544 _____ (ASUS) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsAcpi.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 000676864 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\asacpiEx.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsMultiLang.dll
2020-12-11 00:03 - 2020-02-11 16:02 - 000221184 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\DIP4\AsMultiLang.dll
2020-12-10 18:59 - 2019-10-24 12:15 - 002676736 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\AURAChecker.dll
2021-01-26 21:44 - 2021-01-26 21:44 - 000684544 _____ (sandboxie-plus.com) [File not signed] C:\Program Files\Sandboxie\SbieDll.dll
2021-01-26 21:48 - 2021-01-26 21:48 - 000121344 _____ (sandboxie-plus.com) [File not signed] C:\Program Files\Sandboxie\SboxHostDll.dll
2020-10-21 10:59 - 2020-10-21 10:59 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\SiUSBXp.dll
2020-12-10 18:59 - 2019-06-26 17:07 - 003394560 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\libcrypto-1_1-x64.dll
2020-12-10 18:59 - 2019-06-26 17:07 - 000679424 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\libssl-1_1-x64.dll
2020-12-10 19:00 - 2020-05-14 16:15 - 003394560 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\libcrypto-1_1-x64.dll
2020-12-10 19:00 - 2020-05-14 16:15 - 000679424 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\libssl-1_1-x64.dll
2020-12-15 19:28 - 2020-12-15 19:28 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2020-12-15 19:28 - 2020-12-15 19:28 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2020-11-23 18:02 - 2020-11-23 18:02 - 002516992 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libcrypto-1_1.dll
2020-11-23 18:02 - 2020-11-23 18:02 - 000530944 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [File not signed] C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\libssl-1_1.dll
2020-12-15 19:28 - 2020-12-15 19:28 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-01-27 20:17 - 2020-12-15 19:28 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-01-27 20:17 - 2020-12-15 19:28 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-01-27 20:17 - 2020-12-15 19:28 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-01-27 20:17 - 2020-12-15 19:28 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-01-27 20:17 - 2020-12-15 19:28 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-01-27 20:17 - 2020-12-15 19:28 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 000078336 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qgifd.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 000102400 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qicnsd.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 000079360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qicod.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 000668160 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qjpegd.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 000062976 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qsvgd.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 000062464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qtgad.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 000654848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qtiffd.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 000060416 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qwbmpd.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 000927744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\imageformats\qwebpd.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 003420672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\platforms\qwindowsd.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 010995712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Cored.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 011535360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Guid.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 000568320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Svgd.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 009089024 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Widgetsd.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 000312832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\Qt5Xmld.dll
2020-12-10 23:51 - 2020-01-08 13:33 - 000303616 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\styles\qwindowsvistastyled.dll
2019-04-10 17:30 - 2019-04-10 17:30 - 000035328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\iconengines\qsvgicon.dll
2019-04-09 09:28 - 2019-04-09 09:28 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\imageformats\qgif.dll
2019-04-09 09:29 - 2019-04-09 09:29 - 000397312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\imageformats\qjpeg.dll
2019-04-10 17:29 - 2019-04-10 17:29 - 000025600 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\imageformats\qsvg.dll
2019-04-09 09:30 - 2019-04-09 09:30 - 001453568 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\platforms\qwindows.dll
2019-05-31 12:05 - 2019-05-31 12:05 - 006130176 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5Core.dll
2019-04-09 09:25 - 2019-04-09 09:25 - 006470656 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5Gui.dll
2019-04-09 09:24 - 2019-04-09 09:24 - 001314816 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5Network.dll
2019-04-10 18:31 - 2019-04-10 18:31 - 000317440 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5Positioning.dll
2019-04-09 09:28 - 2019-04-09 09:28 - 000318464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5PrintSupport.dll
2019-04-10 17:55 - 2019-04-10 17:55 - 004001792 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5Qml.dll
2019-04-10 17:48 - 2019-04-10 17:48 - 003776000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5Quick.dll
2019-04-10 17:50 - 2019-04-10 17:50 - 000072704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5QuickWidgets.dll
2019-04-09 09:23 - 2019-04-09 09:23 - 000205312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5Sql.dll
2019-04-10 17:29 - 2019-04-10 17:29 - 000332288 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5Svg.dll
2019-04-10 18:40 - 2019-04-10 18:40 - 000113664 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5WebChannel.dll
2019-04-11 02:37 - 2019-04-11 02:37 - 079989760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5WebEngineCore.dll
2019-04-11 02:54 - 2019-04-11 02:54 - 000228864 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5WebEngineWidgets.dll
2019-04-09 09:27 - 2019-04-09 09:27 - 005580800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\Qt5Widgets.dll
2019-04-09 09:28 - 2019-04-09 09:28 - 001151488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2019-04-09 09:29 - 2019-04-09 09:29 - 000137216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\TeamSpeak 3 Client\styles\qwindowsvistastyle.dll
2020-12-10 23:51 - 2020-02-11 16:05 - 000362496 _____ (TODO: <Company name>) [File not signed] [File is in use] C:\Program Files (x86)\ASUS\VGA COM\2.00.05\AsusGpuTweak.dll
2020-12-10 18:59 - 2019-07-31 15:48 - 000072704 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Protocol\Interrupt\InterruptTransfer.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKU\S-1-5-21-629832801-3061168427-1117579530-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\ssv.dll [2020-12-10] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-12-10] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2021-02-03 15:40 - 000000261 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1       localhost
192.168.0.194 host.docker.internal
192.168.0.194 gateway.docker.internal
127.0.0.1 kubernetes.docker.internal

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64_win\compiler;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\FAHClient;C:\Program Files\Git\cmd;C:\Program Files\nodejs\;C:\Program Files\dotnet\;C:\xampp\php;C:\composer;C:\Program Files\Docker\Docker\resources\bin;C:\ProgramData\DockerDesktop\version-bin
HKU\S-1-5-21-629832801-3061168427-1117579530-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\***\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\***-wallpaper.png
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

Network Binding:
=============
Hamachi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 
Ethernet 2: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) 

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "RamCache III "
HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{871B3A7F-3007-4AD5-B483-F5022123811A}C:\program files (x86)\asus\armourydevice\asus_framework.exe] => (Block) C:\program files (x86)\asus\armourydevice\asus_framework.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
FirewallRules: [UDP Query User{793E5378-914D-4352-BAF4-3FC4E30AFFFC}C:\program files (x86)\asus\armourydevice\asus_framework.exe] => (Block) C:\program files (x86)\asus\armourydevice\asus_framework.exe (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
FirewallRules: [TCP Query User{1169B210-74F0-43A0-AE85-4762948E8A3F}C:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe] => (Block) C:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe (ASUSTeK Computer Inc. -> ASUS)
FirewallRules: [UDP Query User{8278FD5D-B772-4D28-B7B8-BA441DB9E61B}C:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe] => (Block) C:\program files (x86)\asus\armourydevice\dll\armourysocketserver\armourysocketserver.exe (ASUSTeK Computer Inc. -> ASUS)
FirewallRules: [TCP Query User{8DBDBC18-365D-48FC-858D-84D11E6C9053}C:\program files (x86)\fahclient\fahclient.exe] => (Block) C:\program files (x86)\fahclient\fahclient.exe () [File not signed]
FirewallRules: [UDP Query User{187F7AAB-2C4E-4370-9A62-1989F044F5B1}C:\program files (x86)\fahclient\fahclient.exe] => (Block) C:\program files (x86)\fahclient\fahclient.exe () [File not signed]
FirewallRules: [{01A32FF9-550F-4EFE-9F8E-4C083EE31E57}] => (Allow) D:\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{1E2B6590-FC39-4DF4-AB6F-98A96019F7B4}] => (Allow) D:\Steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{6B510401-E676-42B2-BAE5-980CF9AFF50D}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{CD6046A6-5F70-4FEA-B065-43714FD5A57B}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)

==================== Restore Points =========================

19-01-2021 20:24:25 Scheduled Checkpoint
21-01-2021 17:27:42 AURA Service
29-01-2021 15:25:44 DirectX wurde installiert

==================== Faulty Device Manager Devices ============

Name: PCI-Ver-/Entschlüsselungscontroller
Description: PCI-Ver-/Entschlüsselungscontroller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: LogMeIn Hamachi Virtual Ethernet Adapter
Description: LogMeIn Hamachi Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn Inc.
Service: Hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: PCI-Gerät
Description: PCI-Gerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI-Gerät
Description: PCI-Gerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (02/03/2021 03:41:19 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (02/03/2021 01:26:34 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-GVB5PET)
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.

Error: (02/03/2021 01:25:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Hacker Evolution Duality.exe, Version: 5.0.1.0, Zeitstempel: 0x54f6e57a
Name des fehlerhaften Moduls: D3D9.DLL, Version: 10.0.19041.662, Zeitstempel: 0x3292e3dc
Ausnahmecode: 0xc000041d
Fehleroffset: 0x0004fd85
ID des fehlerhaften Prozesses: 0x5d64
Startzeit der fehlerhaften Anwendung: 0x01d6f9c28aafeef8
Pfad der fehlerhaften Anwendung: D:\Steam\steamapps\common\Hacker Evolution Duality\Hacker Evolution Duality.exe
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\D3D9.DLL
Berichtskennung: 0e900468-ea25-4ba7-b9b2-c96f36441931
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/03/2021 01:25:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Hacker Evolution Duality.exe, Version: 5.0.1.0, Zeitstempel: 0x54f6e57a
Name des fehlerhaften Moduls: D3D9.DLL, Version: 10.0.19041.662, Zeitstempel: 0x3292e3dc
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004fd85
ID des fehlerhaften Prozesses: 0x5d64
Startzeit der fehlerhaften Anwendung: 0x01d6f9c28aafeef8
Pfad der fehlerhaften Anwendung: D:\Steam\steamapps\common\Hacker Evolution Duality\Hacker Evolution Duality.exe
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\D3D9.DLL
Berichtskennung: af6ca99f-4d0d-4f55-a067-514271c8c369
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/03/2021 01:17:04 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-GVB5PET)
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.

Error: (02/03/2021 01:16:23 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-GVB5PET)
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.

Error: (02/03/2021 12:13:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 10.0.19041.546, Zeitstempel: 0xb850de5d
Name des fehlerhaften Moduls: combase.dll, Version: 10.0.19041.746, Zeitstempel: 0x2f680839
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000aaa02
ID des fehlerhaften Prozesses: 0x219c
Startzeit der fehlerhaften Anwendung: 0x01d6f9b623c2bd5b
Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\DllHost.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\combase.dll
Berichtskennung: 4cfa1059-fbe4-4671-ba6d-b9836d40f771
Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (02/02/2021 09:53:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Barotrauma.exe, Version: 0.11.0.9, Zeitstempel: 0x5ee99cfc
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.662, Zeitstempel: 0xec58f015
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000000000002d759
ID des fehlerhaften Prozesses: 0x5fb0
Startzeit der fehlerhaften Anwendung: 0x01d6f9a5758383ea
Pfad der fehlerhaften Anwendung: C:\Users\***\Downloads\Barotrauma.Uncharted.Depths\Barotrauma.Uncharted.Depths\Barotrauma\Barotrauma.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\KERNELBASE.dll
Berichtskennung: 1f9e3e4d-b8a3-416d-8588-c9cea65ae3fc
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


System errors:
=============
Error: (02/03/2021 03:40:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "SysMain" wurde mit folgendem Fehler beendet: 
Falscher Parameter.

Error: (02/03/2021 03:39:38 PM) (Source: VBoxNetLwf) (EventID: 12) (User: )
Description: Der Treiber hat einen internen Treiberfehler auf \Device\VBoxNetLwf gefunden.

Error: (02/03/2021 03:39:02 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-GVB5PET)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (02/03/2021 03:35:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Restart the service.

Error: (02/03/2021 03:35:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Restart the service.

Error: (02/03/2021 03:35:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Disc Soft Lite Bus Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/03/2021 03:35:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Steam Client Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/03/2021 03:35:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Gaming Services" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Windows Defender:
===================================
Date: 2021-02-02 22:37:14.1070000Z
Description: 
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {5F8DBCF3-6305-4395-903A-DB02AC057A5A}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Full Scan
Benutzer: DESKTOP-GVB5PET\***

Date: 2021-02-02 22:18:58.4770000Z
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Ymacco.AA84&threatid=2147757276&enterprise=0
Name: Trojan:Win32/Ymacco.AA84
ID: 2147757276
Schweregrad: Severe
Kategorie: Trojan
Pfad: file:_C:\Users\***\Downloads\Poly Bridge 2 v1.23\Poly Bridge 2 v1.23.exe
Erkennungsursprung: Local machine
Erkennungstype: FastPath
Erkennungsquelle: Real-Time Protection
Benutzer: DESKTOP-GVB5PET\***
Prozessname: C:\Program Files\qBittorrent\qbittorrent.exe
Sicherheitsversion: AV: 1.331.67.0, AS: 1.331.67.0, NIS: 1.331.67.0
Modulversion: AM: 1.1.17800.5, NIS: 1.1.17800.5

Date: 2021-02-02 22:12:56.1210000Z
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Ymacco.AA84&threatid=2147757276&enterprise=0
Name: Trojan:Win32/Ymacco.AA84
ID: 2147757276
Schweregrad: Severe
Kategorie: Trojan
Pfad: file:_C:\Users\***\Downloads\Poly Bridge 2 v1.23\Poly Bridge 2 v1.23.exe
Erkennungsursprung: Local machine
Erkennungstype: FastPath
Erkennungsquelle: Real-Time Protection
Benutzer: DESKTOP-GVB5PET\***
Prozessname: C:\Program Files\qBittorrent\qbittorrent.exe
Sicherheitsversion: AV: 1.331.67.0, AS: 1.331.67.0, NIS: 1.331.67.0
Modulversion: AM: 1.1.17800.5, NIS: 1.1.17800.5

Date: 2021-02-02 15:08:17.4490000Z
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Ymacco.AA84&threatid=2147757276&enterprise=0
Name: Trojan:Win32/Ymacco.AA84
ID: 2147757276
Schweregrad: Severe
Kategorie: Trojan
Pfad: file:_C:\Users\***\Downloads\Hardspace Shipbreaker v0.1.5\Hardspace Shipbreaker v0.1.5.exe
Erkennungsursprung: Local machine
Erkennungstype: FastPath
Erkennungsquelle: Real-Time Protection
Benutzer: DESKTOP-GVB5PET\***
Prozessname: C:\Program Files\qBittorrent\qbittorrent.exe
Sicherheitsversion: AV: 1.329.3319.0, AS: 1.329.3319.0, NIS: 1.329.3319.0
Modulversion: AM: 1.1.17700.4, NIS: 1.1.17700.4

Date: 2021-02-01 04:15:19.0640000Z
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/Presenoker&threatid=242420&enterprise=0
Name: PUA:Win32/Presenoker
ID: 242420
Schweregrad: Low
Kategorie: Potentially Unwanted Software
Pfad: file:_C:\Users\***\AppData\Local\Opera Software\Opera GX Stable\Cache\f_005106; file:_C:\Users\***\OneDrive\Desktop\audacity2-4-2.exe; file:_C:\Users\***\OneDrive\Desktop\audacity2-4-2.exe.opdownload; webfile:_C:\Users\***\OneDrive\Desktop\audacity2-4-2.exe|https://www.audacityorg.de/download/audacity2-4-2.exe|pid:32924,ProcessStart:132566108182513824
Erkennungsursprung: Local machine
Erkennungstype: Concrete
Erkennungsquelle: Real-Time Protection
Benutzer: DESKTOP-GVB5PET\***
Prozessname: C:\Users\***\AppData\Local\Programs\Opera GX\72.0.3815.487\opera.exe
Sicherheitsversion: AV: 1.329.3270.0, AS: 1.329.3270.0, NIS: 1.329.3270.0
Modulversion: AM: 1.1.17700.4, NIS: 1.1.17700.4

CodeIntegrity:
===================================

Date: 2021-02-02 22:37:12.2590000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Users\***\AppData\Local\Programs\Opera GX\72.0.3815.487\opera.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2021-02-02 22:37:12.2530000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Users\***\AppData\Local\Programs\Opera GX\72.0.3815.487\opera.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2021-01-31 11:24:58.3850000Z
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2021-01-31 11:24:58.3670000Z
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2021-01-25 21:53:36.4470000Z
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2021-01-25 21:53:36.4340000Z
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2021-01-19 04:17:42.4170000Z
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

Date: 2021-01-19 04:17:42.4030000Z
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. 1401 12/03/2020
Motherboard: ASUSTeK COMPUTER INC. ROG STRIX B550-F GAMING
Processor: AMD Ryzen 9 5900X 12-Core Processor 
Percentage of memory in use: 33%
Total physical RAM: 32678.25 MB
Available physical RAM: 21697.42 MB
Total Virtual: 38310.25 MB
Available Virtual: 22247.3 MB

==================== Drives ================================

Drive a: (****) (Fixed) (Total:14.65 GB) (Free:14.37 GB) NTFS
Drive c: (Windows) (Fixed) (Total:450.5 GB) (Free:97.04 GB) NTFS
Drive d: (Spiele) (Fixed) (Total:3726 GB) (Free:2139.89 GB) NTFS

\\?\Volume{a50c4c6e-c1c5-4737-b5d1-c330d2935c82}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{04457ac2-27bd-80ff-f2fe-af428262d882}\ () (Fixed) (Total:49.88 GB) (Free:0 GB) NTFS
\\?\Volume{28e62878-b101-a079-8951-5885c200adfd}\ () (Fixed) (Total:1.39 GB) (Free:0 GB) NTFS
\\?\Volume{17b9d833-c057-dc2f-8afe-e0747553a43c}\ () (Fixed) (Total:0 GB) (Free:0 GB) NTFS
\\?\Volume{53c9a71f-9fe8-42a1-98f9-89888f15923a}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 3.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 4.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 5.

==================== End of Addition.txt =======================
         
--- --- ---


FRST.txt follows

Edited by Dafot (03.02.2021 at 16:03)

03.02.2021, 15:54   #7
Dafot
 



FRST.txt


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-02-2021
Ran by *** (administrator) on DESKTOP-GVB5PET (ASUS System Product Name) (03-02-2021 15:43:35)
Running from C:\Users\***\OneDrive\Desktop\Logs
Loaded Profiles: ***
Platform: Windows 10 Pro Version 20H2 19042.746 (X64) Language: Englisch (Großbritannien)
Default browser: Opera
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\FAHClient\FAHClient.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\AsPowerBar.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe <2>
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.86\AsusFanControlService.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.00.45\atkexComSvc.exe
(ASUSTEK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe
(ASUSTEK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files (x86)\ASUS\GPU TweakII\Monitor.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\LightingService\LightingService.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe
(ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.) C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.UserSessionHelper.exe
(ASUSTeK Computer Inc. -> TODO: <Company name>) C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe
(ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.CpuIdRemote64.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE.exe
(Discord Inc. -> Discord Inc.) C:\Users\***\AppData\Local\Discord\app-0.0.309\Discord.exe <6>
(Docker Inc -> Docker Inc.) C:\Program Files\Docker\Docker\com.docker.service
(Docker Inc -> Docker Inc.) C:\Program Files\Docker\Docker\Docker Desktop.exe
(Docker Inc -> Docker Inc.) C:\Program Files\Docker\Docker\resources\com.docker.backend.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Even Balance, Inc. -> ) C:\Windows\System32\PnkBstrA.exe
(Gaijin Network LTD -> Gaijin) C:\Users\***\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe
(geek software GmbH -> geek software GmbH) C:\Program Files\PDF24\pdf24.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Kristjan Skutta -> ) D:\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe
(LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc. -> LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\***\AppData\Local\Programs\Microsoft VS Code\Code.exe <8>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2101.1002.1.0_x64__8wekyb3d8bbwe\XboxAppServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2101.1002.1.0_x64__8wekyb3d8bbwe\XboxPcApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.47.10001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.420.11102.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) C:\Windows\System32\CorsairGamingAudioCfgService64.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a51067c0ac557884\Display.NvContainer\NVDisplay.Container.exe <2>
(Opera Software AS -> Opera Software) C:\Users\***\AppData\Local\Programs\Opera GX\72.0.3815.487\opera.exe <52>
(Opera Software AS -> Opera Software) C:\Users\***\AppData\Local\Programs\Opera GX\72.0.3815.487\opera_crashreporter.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(sandboxie-plus.com) [File not signed] C:\Program Files\Sandboxie\SbieSvc.exe
(Skutta, Kristjan -> ) D:\Steam\steamapps\common\wallpaper_engine\bin\ui32.exe <4>
(Skutta, Kristjan -> ) D:\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
(TODO: <Company name>) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\ArmouryAIOFanServer.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) D:\Steam\steam.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PDF24] => C:\Program Files\PDF24\pdf24.exe [558144 2020-12-15] (geek software GmbH -> geek software GmbH)
HKLM-x32\...\Run: [CORSAIR iCUE Software] => C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [410152 2020-11-23] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-17] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [RamCache III ] => C:\Program Files (x86)\RamCache III\RamCache.exe [5416728 2020-12-11] (FNet Co., Ltd. -> FNet Co., Ltd)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5890504 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Run: [Steam] => D:\Steam\steam.exe [3411232 2020-12-21] (Valve -> Valve Corporation)
HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [365512 2020-12-10] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Run: [Discord] => C:\Users\***\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32883768 2021-01-27] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Run: [Docker Desktop] => C:\Program Files\Docker\Docker\Docker Desktop.exe [2566064 2021-01-21] (Docker Inc -> Docker Inc.)
HKU\S-1-5-21-629832801-3061168427-1117579530-1001\...\Run: [Gaijin.Net Updater] => C:\Users\***\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2374376 2020-12-03] (Gaijin Network LTD -> Gaijin)
HKLM\...\Print\Monitors\HP E511 Status Monitor: C:\Windows\system32\hpinkstsE511LM.dll [393352 2017-03-09] (Hewlett Packard -> HP Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Folding@home.lnk [2020-12-12]
ShortcutTarget: Folding@home.lnk -> C:\Program Files (x86)\FAHClient\HideConsole.exe () [File not signed]

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0143656C-1352-43B2-B3D2-E90EFFDCE983} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe [56784 2020-08-27] (ASUSTeK Computer Inc. -> )
Task: {0473DF70-B202-483D-A1D0-DF63E551836D} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe [4329008 2020-02-11] (ASUSTeK Computer Inc. -> TODO: <Company name>)
Task: {04BAB218-20CA-4007-B360-AD3169E32E05} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {05F1CCCF-0B67-4A82-9DEB-B72B32A88D6F} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2488664 2021-01-11] (Overwolf Ltd -> Overwolf LTD)
Task: {18510097-9AF5-45EB-A09A-6457121CFA28} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [3994024 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {1E0696C9-442B-4188-94A0-8F8F2395AF9A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {291C4142-B057-4AB8-914F-A9665F47A111} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-25] (Google LLC -> Google LLC)
Task: {347FA865-78DC-448F-982C-4DC2C0F86FDF} - System32\Tasks\ASUS\ASUSUpdateTaskMachineCore1d6cf1e5114a45 => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2020-12-10] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {365FC414-245A-454E-8C39-61AD4AAD9E1A} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [64936 2021-01-13] (Microsoft Corporation -> Microsoft)
Task: {42AA9FFD-20F4-4123-8122-A72BC0CC921A} - System32\Tasks\ASUS\ArmourySocketServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe [1891432 2020-10-16] (ASUSTeK Computer Inc. -> ASUS)
Task: {478B7906-24BE-41E4-B4BE-95A34C89CDB7} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4A340641-FDA6-4604-AD27-6D8B00F37F83} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5154EB9D-3576-4D6E-84DB-873D9EB827C6} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115048 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {58E8BC50-CF24-495A-8E62-7BB0343DE640} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {665F9586-578E-466C-9833-78B59D89123C} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [1469288 2020-02-25] (ASUSTeK Computer Inc. -> )
Task: {66B1C6A7-9BDE-492C-AA6C-D122E83CEAAC} - System32\Tasks\AMDAutoUpdate => C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe [677624 2019-11-21] (Advanced Micro Devices INC. -> )
Task: {73CAFB4B-9668-4DF9-A860-CAB19131984D} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2112560 2020-01-08] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {75BC2A88-3584-48A7-9D16-B3D48B90AD95} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7B1D328E-0A12-4F30-8B2D-184D34665D12} - System32\Tasks\ASUS\ArmouryAIOFanServer => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\ArmouryAIOFanServer.exe [1039360 2020-11-10] (TODO: <Company name>) [File not signed]
Task: {7FB1EE3B-210E-4616-BB9B-258CECD89FBB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993288 2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {90F637DF-B836-4A6B-B712-9F3FA3D63161} - System32\Tasks\GPU Tweak II => C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe [12933600 2020-12-02] (ASUSTEK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
Task: {91051D95-4C90-4F8F-BA99-31A8B0C85573} - System32\Tasks\ASUS\NoiseCancelingEngine.exe => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe [1232904 2020-08-13] (ASUSTeK Computer Inc. -> ASUS)
Task: {91B3B63C-FC75-43C4-9E04-BB89455FC08D} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [1509424 2020-03-31] (ASUSTeK Computer Inc. -> )
Task: {A2B1786A-58EC-4541-8F66-0BB1B2745C06} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AD84F8F1-5044-450F-8EA2-056936FBD315} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993288 2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {B1F6C1A0-E3B6-4FE2-933B-C4632890E469} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-25] (Google LLC -> Google LLC)
Task: {B934DC97-970E-4EFB-B96B-25B20E172DE8} - System32\Tasks\Opera GX scheduled Autoupdate 1607692819 => C:\Users\***\AppData\Local\Programs\Opera GX\launcher.exe [1664664 2021-01-26] (Opera Software AS -> Opera Software)
Task: {C9722CB1-5AD7-4AD0-A15C-6A3739A4ADFB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [3994024 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {D24DD9FE-C9EA-4666-B989-42A57C3620BE} - System32\Tasks\ASUS\ASUSUpdateTaskMachineUA => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2020-12-10] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {DABE9E31-1AFB-47B6-A819-0BE33D3E8A5F} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115048 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {DCEC519B-4ED9-4E14-850B-2053D0133529} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E1ABEDE4-F6A8-47EE-935E-76328A73D5E1} - System32\Tasks\ASUS\Framework Service => C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe [45278736 2020-09-23] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {E3099887-C4B3-4973-BA83-1EF28F3B362B} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E4937235-A4D5-4C1E-9381-18337C8E8EA3} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {F2CA5E44-910A-471C-8EFE-B81EFB0488BB} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-629832801-3061168427-1117579530-500 => C:\Users\***\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{377b5f12-fefd-41eb-a852-66421703ad3b}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{39db88fc-71f6-40ec-99ce-b07a3187949c}: [DhcpNameServer] 172.18.0.24
Tcpip\..\Interfaces\{89036400-ea9f-4c33-a062-f311870e9c6c}: [DhcpNameServer] 192.168.0.1

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\***\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-03]
Edge Extension: (Outlook) - C:\Users\***\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-12-11]
Edge Extension: (Word) - C:\Users\***\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2020-12-11]
Edge Extension: (Excel) - C:\Users\***\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-12-11]
Edge Extension: (PowerPoint) - C:\Users\***\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-12-11]

FireFox:
========
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (Electronic Sports Network i Sverige AB -> ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) [File not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-12-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files (x86)\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-12-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-02-03] (Microsoft Corporation -> Microsoft Corporation)

Opera: 
=======
StartMenuInternet: (HKU\S-1-5-21-629832801-3061168427-1117579530-1001) Opera GXStable - "C:\Users\***\AppData\Local\Programs\Opera GX\Launcher.exe"

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ArmouryCrateService; C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe [344184 2021-01-21] (ASUSTeK COMPUTER INC. -> ASUSTeK COMPUTER INC.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.00.45\atkexComSvc.exe [442416 2020-09-28] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 asus; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2020-12-10] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.86\AsusFanControlService.exe [2070576 2020-02-14] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S3 asusm; C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [168520 2020-12-10] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 AsusUpdateCheck; C:\Windows\System32\AsusUpdateCheck.exe [1122840 2021-02-03] (ASUSTeK Computer Inc. -> )
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8895512 2020-12-10] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8902024 2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
R2 com.docker.service; C:\Program Files\Docker\Docker\com.docker.service [16336 2021-01-21] (Docker Inc -> Docker Inc.)
R2 CorsairGamingAudioConfig; C:\Windows\System32\CorsairGamingAudioCfgService64.exe [616344 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CueLLAccessService.exe [421928 2020-11-23] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 CorsairService; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [56872 2020-11-23] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S3 Dashlane Vpn Service; C:\Program Files (x86)\Dashlane\VPN\Service\VpnService.exe [3403264 2020-12-07] (Dashlane USA, Inc. -> AnchorFree Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4581320 2020-12-10] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2020-12-18] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2020-12-08] (FUTUREMARK INC -> Futuremark)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3361736 2019-04-02] (LogMeIn, Inc. -> LogMeIn Inc.)
R2 LightingService; C:\Program Files (x86)\LightingService\LightingService.exe [3053656 2021-01-11] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-02] (Malwarebytes Inc -> Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2533952 2021-01-21] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3479624 2021-01-21] (Electronic Arts, Inc. -> Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2488664 2021-01-11] (Overwolf Ltd -> Overwolf LTD)
R2 PDF24; C:\Program Files\PDF24\pdf24.exe [558144 2020-12-15] (geek software GmbH -> geek software GmbH)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2020-12-17] (Even Balance, Inc. -> )
S3 Rockstar Service; D:\Rockstar\Launcher\RockstarService.exe [1631360 2020-12-02] (Rockstar Games, Inc. -> Rockstar Games)
R2 ROG Live Service; C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe [5463128 2021-01-18] (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [323584 2021-01-26] (sandboxie-plus.com) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746504 2020-10-16] (Oracle Corporation -> Oracle Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
R2 Wallpaper Engine Service; D:\Steam\steamapps\common\wallpaper_engine\bin\wallpaperservice32_c.exe [514552 2020-12-14] (Kristjan Skutta -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\NisSrv.exe [2491880 2020-12-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2011.6-0\MsMpEng.exe [128376 2020-12-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a51067c0ac557884\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a51067c0ac557884\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aftap0901; C:\Windows\System32\drivers\aftap0901.sys [48624 2020-02-19] (AnchorFree Inc -> The OpenVPN Project)
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [34112 2019-07-02] (ASUSTeK Computer Inc. -> )
R1 Asusgio2; C:\Windows\system32\drivers\AsIO2.sys [33832 2019-04-09] (ASUSTeK Computer Inc. -> )
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 CorsairGamingAudioService; C:\Windows\System32\drivers\CorsairGamingAudio64.sys [60312 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R2 CorsairLLAccess3B84E98236B28D4E075D5737DF9F567A1FB76E8A; C:\Program Files (x86)\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys [21752 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [45984 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [21920 2020-10-29] (Microsoft Windows Hardware Compatibility Publisher -> Corsair)
R3 cpuz149; C:\Windows\temp\cpuz149\cpuz149_x64.sys [44320 2021-02-03] (CPUID S.A.R.L.U. -> CPUID)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [42256 2020-12-10] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [59360 2020-12-10] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 EneTechIo; C:\Windows\system32\drivers\ene.sys [20992 2020-05-12] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2021-02-02] (Malwarebytes Corporation -> Malwarebytes)
R0 FNETHYRAMAS; C:\Windows\System32\drivers\FNETHYRAMAS.SYS [56496 2020-12-11] (FNet Co., Ltd. -> FNet Co., Ltd.)
R1 GLCKIO2; C:\Windows\system32\drivers\GLCKIO2.sys [29368 2019-04-24] (ASUSTeK Computer Inc. -> )
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2019-04-02] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R3 IGO_VSD; C:\Windows\system32\drivers\igovsd.sys [40224 2020-07-07] (British Cayman Islands Intelligo Technology Inc. Taiwan Branch -> Intelli-go)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [35344 2020-11-03] (ASUSTEK COMPUTER INC. -> ASUSTeK Computer Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220600 2021-02-02] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-02-02] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [198248 2021-02-03] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77496 2021-02-03] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-02-02] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [142440 2021-02-03] (Malwarebytes Inc -> Malwarebytes)
R1 MSIO; C:\Windows\system32\drivers\MsIo64.sys [17424 2020-01-19] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [182160 2021-01-26] (NGO -> sandboxie-plus.com)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [239432 2020-10-16] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [249344 2020-10-16] (Oracle Corporation -> Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [48536 2020-12-11] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [429296 2020-12-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [70896 2020-12-11] (Microsoft Windows -> Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\***\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 cpuz150; \??\C:\Windows\temp\cpuz150\cpuz150_x64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Users\***\AppData\Local\Temp\Rar$EXa12664.29463\LibreHardwareMonitorLib.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-03 15:39 - 2021-02-03 15:39 - 000198248 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2021-02-03 15:39 - 2021-02-03 15:39 - 000142440 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2021-02-03 15:39 - 2021-02-03 15:39 - 000077496 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2021-02-03 01:46 - 2021-02-03 01:46 - 000174896 _____ C:\Users\***\Downloads\Leistungsnachweis (5).pdf
2021-02-03 00:59 - 2021-02-03 00:59 - 000000000 ____D C:\ProgramData\Mount and Blade II Bannerlord
2021-02-02 23:47 - 2021-02-02 23:47 - 000000000 ____D C:\Users\***\OneDrive\Documents\Dry Cactus
2021-02-02 23:47 - 2021-02-02 23:47 - 000000000 ____D C:\Users\***\AppData\LocalLow\Dry Cactus
2021-02-02 22:49 - 2021-02-02 22:50 - 000000000 ____D C:\AdwCleaner
2021-02-02 22:48 - 2021-02-03 15:43 - 000000000 ____D C:\FRST
2021-02-02 22:47 - 2021-02-02 22:47 - 000055387 _____ C:\Users\***\Downloads\FRST.txt
2021-02-02 22:36 - 2021-02-02 22:36 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-02-02 22:36 - 2021-02-02 22:36 - 000220600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-02-02 22:36 - 2021-02-02 22:36 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-02-02 22:36 - 2021-02-02 22:36 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2021-02-02 22:36 - 2021-02-02 22:36 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-02-02 22:36 - 2021-02-02 22:36 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-02-02 22:36 - 2021-02-02 22:36 - 000002028 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-02-02 22:36 - 2021-02-02 22:36 - 000000000 ____D C:\Users\***\AppData\Local\mbam
2021-02-02 22:36 - 2021-02-02 22:36 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-02-02 22:35 - 2021-02-02 22:35 - 000000000 ____D C:\Program Files\Malwarebytes
2021-02-02 21:54 - 2021-02-02 21:54 - 000000000 ____D C:\Users\***\AppData\Local\Daedalic Entertainment GmbH
2021-02-02 20:15 - 2021-02-02 20:16 - 000000000 ____D C:\Users\***\AppData\Roaming\RetroArch
2021-02-02 20:15 - 2021-02-02 20:15 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RetroArch
2021-02-02 20:09 - 2021-02-02 20:09 - 000002082 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\yuzu.lnk
2021-02-02 20:09 - 2021-02-02 20:09 - 000001320 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\yuzu Maintenance Tool.lnk
2021-02-02 20:08 - 2021-02-02 20:09 - 000000000 ____D C:\Users\***\AppData\Local\yuzu
2021-02-02 20:04 - 2021-02-02 20:04 - 000000757 _____ C:\Users\***\AppData\Local\recently-used.xbel
2021-02-02 19:42 - 2021-02-02 19:42 - 000000000 ____D C:\Users\***\AppData\Local\gtk-3.0
2021-02-02 19:41 - 2021-02-02 19:41 - 000000000 ____D C:\Users\***\AppData\Roaming\Ryujinx
2021-02-02 18:31 - 2021-02-02 18:31 - 000000000 ____D C:\Users\***\AppData\LocalLow\Spiderling Games
2021-02-02 18:20 - 2021-02-02 18:20 - 000000000 ____D C:\Users\***\AppData\Local\ElevatedDiagnostics
2021-02-02 15:22 - 2021-02-02 22:23 - 000000000 ____D C:\Users\***\AppData\Roaming\Goldberg SteamEmu Saves
2021-02-02 15:22 - 2021-02-02 15:22 - 000000000 ____D C:\var
2021-02-02 15:22 - 2021-02-02 15:22 - 000000000 ____D C:\Users\***\AppData\LocalLow\Blackbird Interactive
2021-02-02 15:18 - 2021-02-02 15:18 - 000000000 ____D C:\Users\***\Downloads\Hardspace.Shipbreaker.v0.3.0
2021-02-02 15:09 - 2021-02-02 15:18 - 1531094714 _____ C:\Users\***\Downloads\Hardspace.Shipbreaker.v0.3.0.rar
2021-02-02 12:47 - 2021-02-02 12:48 - 059720373 _____ C:\Users\***\Downloads\SSS-0.4-market.zip
2021-02-01 02:29 - 2021-02-01 02:29 - 033128832 _____ C:\Users\***\Downloads\Englischkurs_CD06 (1).zip.opdownload
2021-02-01 01:54 - 2021-02-01 01:54 - 133516379 _____ C:\Users\***\Downloads\Englischkurs_CD06.zip
2021-02-01 01:08 - 2021-02-01 01:23 - 000000000 ____D C:\Users\***\OneDrive\Documents\Audacity
2021-02-01 01:01 - 2021-02-01 01:01 - 002652579 _____ C:\Users\***\Downloads\Nezzer_EXM_02.m4a
2021-02-01 00:54 - 2021-02-01 06:30 - 000000000 ____D C:\Users\***\AppData\Roaming\audacity
2021-02-01 00:54 - 2021-02-01 00:54 - 000001095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2021-02-01 00:54 - 2021-02-01 00:54 - 000001083 _____ C:\Users\Public\Desktop\Audacity.lnk
2021-02-01 00:54 - 2021-02-01 00:54 - 000001083 _____ C:\ProgramData\Desktop\Audacity.lnk
2021-02-01 00:54 - 2021-02-01 00:54 - 000000000 ____D C:\Users\***\AppData\Local\Audacity
2021-02-01 00:54 - 2021-02-01 00:54 - 000000000 ____D C:\Program Files (x86)\Audacity
2021-02-01 00:14 - 2021-02-01 00:14 - 000877636 _____ C:\Users\***\Downloads\Vorschau_54210_Achsensymmetrie_-_Lernen_an_Stationen.pdf
2021-02-01 00:06 - 2021-02-01 00:06 - 000174765 _____ C:\Users\***\Downloads\Leistungsnachweis (4) (1).pdf
2021-02-01 00:03 - 2021-02-01 00:03 - 000174765 _____ C:\Users\***\Downloads\Leistungsnachweis (4).pdf
2021-01-31 19:34 - 2021-01-31 19:34 - 000000000 ___RD C:\Sandbox
2021-01-31 19:33 - 2021-01-31 19:43 - 000001488 _____ C:\Windows\Sandboxie.ini
2021-01-31 19:33 - 2021-01-31 19:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2021-01-31 19:33 - 2021-01-31 19:33 - 000000000 ____D C:\Program Files\Sandboxie
2021-01-31 19:32 - 2021-01-31 19:33 - 005240143 _____ C:\Users\***\Downloads\Sandboxie-Classic-v5.46.5.zip
2021-01-31 19:23 - 2021-01-31 19:23 - 000077538 _____ C:\Users\***\Downloads\WhatsApp Image 2021-01-31 at 19.21.42.jpeg
2021-01-31 17:51 - 2021-01-31 17:51 - 000166132 _____ C:\Users\***\Downloads\Abwassersatzung Ketsch 2015.pdf
2021-01-31 17:48 - 2021-01-31 17:48 - 000034005 _____ C:\Users\***\Downloads\Badeordnung.pdf
2021-01-31 12:10 - 2021-01-31 12:10 - 095088730 _____ C:\Users\***\Downloads\Spanischkurs_CD08.zip
2021-01-31 11:38 - 2021-01-31 11:38 - 000000000 ____D C:\Users\***\AppData\LocalLow\DefaultCompany
2021-01-29 19:15 - 2021-01-29 19:19 - 000000000 ____D C:\Users\***\OneDrive\Documents\Assassin's Creed Origins
2021-01-29 18:54 - 2021-01-29 18:54 - 000715606 _____ C:\Users\***\Downloads\Compensation - v0.86.html
2021-01-29 18:41 - 2021-01-29 18:41 - 000000000 ____D C:\Users\***\AppData\Roaming\LoCity3D
2021-01-29 18:38 - 2021-01-29 18:41 - 237075105 _____ C:\Users\***\Downloads\LoCity3D DEMO Alpha 1.2.7z
2021-01-29 16:43 - 2021-01-29 16:43 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lily
2021-01-29 16:43 - 2021-01-29 16:43 - 000000000 ____D C:\Users\***\AppData\LocalLow\Youth Everlasting
2021-01-29 16:43 - 2021-01-29 16:43 - 000000000 ____D C:\Program Files (x86)\Youth Everlasting
2021-01-29 16:41 - 2021-01-29 16:41 - 000000014 _____ C:\Users\***\Downloads\censorship.dat
2021-01-29 15:26 - 2021-01-29 15:27 - 000000000 ____D C:\Users\***\OneDrive\Documents\Assassin's Creed IV Black Flag
2021-01-29 15:15 - 2021-01-29 15:15 - 000006277 _____ C:\Users\***\Downloads\message (5).txt
2021-01-29 14:43 - 2021-01-29 14:43 - 003094193 _____ C:\Users\***\Downloads\APA_-_AstraZeneca.pdf.pdf
2021-01-29 14:42 - 2021-01-29 14:42 - 000032056 _____ C:\Users\***\Downloads\Vaccines__contract_between_European_Commission_and_AstraZeneca_now_published.pdf
2021-01-28 23:01 - 2021-01-28 23:01 - 000173067 _____ C:\Users\***\Downloads\Teilnahmebescheinigung.pdf
2021-01-28 23:00 - 2021-01-28 23:00 - 000174646 _____ C:\Users\***\Downloads\Leistungsnachweis (3).pdf
2021-01-28 19:07 - 2021-01-28 19:07 - 000000000 ____D C:\Users\***\AppData\LocalLow\Rejected Games
2021-01-28 19:03 - 2021-01-28 19:03 - 000000000 ____D C:\Users\***\AppData\LocalLow\VirtualBrightPlayz
2021-01-28 18:23 - 2021-02-03 08:05 - 000000000 ____D C:\Users\***\AppData\Roaming\power-nativefier-adf79a
2021-01-28 17:38 - 2021-01-29 19:15 - 000000000 ____D C:\Users\***\AppData\Local\Ubisoft Game Launcher
2021-01-28 17:38 - 2021-01-28 17:38 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2021-01-28 17:38 - 2021-01-28 17:38 - 000000000 ____D C:\ProgramData\Ubisoft
2021-01-28 17:38 - 2021-01-28 17:38 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2021-01-28 16:25 - 2021-01-28 16:25 - 000000000 ____D C:\Users\***\AppData\LocalLow\Wastelands Interactive
2021-01-28 16:16 - 2021-01-28 16:16 - 000000000 ____D C:\Users\***\OneDrive\Documents\Train Station Renovation
2021-01-28 16:16 - 2021-01-28 16:16 - 000000000 ____D C:\Users\***\AppData\LocalLow\Live Motion Games
2021-01-28 15:59 - 2021-01-28 15:59 - 000000000 ____D C:\Users\***\OneDrive\Documents\Wastelands-Interactive
2021-01-28 09:03 - 2021-01-28 09:03 - 008479472 _____ C:\Users\***\Downloads\Degrees_mod_0.1.24.0_mod_1.9.1.rar
2021-01-27 20:42 - 2021-01-27 20:42 - 000461912 _____ C:\Users\***\Downloads\11174_Kontenrahmen DATEV SKR 03.pdf
2021-01-27 20:41 - 2021-01-27 20:41 - 009229367 _____ C:\Users\***\Downloads\HHPL_2021_Onlineversion_14_01_2021 (1).pdf
2021-01-27 20:39 - 2021-01-27 20:39 - 009229367 _____ C:\Users\***\Downloads\HHPL_2021_Onlineversion_14_01_2021.pdf
2021-01-27 19:46 - 2021-01-27 19:48 - 000000000 ____D C:\Users\***\AppData\Roaming\Docker Desktop
2021-01-26 00:58 - 2021-01-26 00:58 - 000000423 _____ C:\Users\***\Downloads\jsonformatter (2).txt
2021-01-26 00:56 - 2021-01-26 00:56 - 000000479 _____ C:\Users\***\Downloads\jsonformatter (1).txt
2021-01-26 00:49 - 2021-01-26 00:49 - 000000015 _____ C:\Users\***\Downloads\jsonformatter.txt
2021-01-25 23:29 - 2021-01-25 23:29 - 000000204 _____ C:\Users\***\.gitconfig
2021-01-25 14:16 - 2021-01-25 14:16 - 120820514 _____ C:\Users\***\Downloads\Lilith's Throne v0.3.13-20210125T131437Z-001.zip
2021-01-25 14:12 - 2021-01-25 14:12 - 119173440 _____ C:\Users\***\Downloads\Lilith's Throne v0.3.13.zip
2021-01-25 13:58 - 2021-01-25 13:58 - 000000000 ____D C:\Users\***\AppData\Roaming\com.lilithsthrone.main.Main
2021-01-25 13:56 - 2021-01-25 13:56 - 051169217 _____ C:\Users\***\Downloads\Lilith's Throne v0.3.1.8.zip
2021-01-25 04:50 - 2021-01-25 04:50 - 156422624 _____ C:\Users\***\Downloads\PSST-pc.rar
2021-01-24 21:59 - 2021-01-24 21:59 - 000392398 _____ C:\Users\***\Downloads\Boyagio Chapter 2 - 2020.pdf
2021-01-24 21:53 - 2021-01-24 21:53 - 000151928 _____ C:\Users\***\Downloads\Boyagio Chapter 1 - 2020.pdf
2021-01-24 21:51 - 2021-01-24 21:51 - 000214549 _____ C:\Users\***\Downloads\Apprentice and King - Ch1-3 for release.pdf
2021-01-24 01:04 - 2021-01-24 01:06 - 000000031 _____ C:\Users\***\.node_repl_history
2021-01-23 21:20 - 2021-01-23 21:20 - 000111490 _____ C:\Users\***\Downloads\twd (3).pdf
2021-01-23 21:20 - 2021-01-23 21:20 - 000111490 _____ C:\Users\***\Downloads\twd (2).pdf
2021-01-23 21:20 - 2021-01-23 21:20 - 000111490 _____ C:\Users\***\Downloads\twd (1).pdf
2021-01-23 21:19 - 2021-01-23 21:19 - 000111490 _____ C:\Users\***\Downloads\twd.pdf
2021-01-23 20:23 - 2021-01-23 20:23 - 000000000 ____D C:\Users\***\AppData\Local\IO Interactive
2021-01-23 20:19 - 2021-01-23 20:19 - 000000000 ____D C:\Users\***\AppData\Roaming\IO Interactive
2021-01-23 20:19 - 2021-01-23 20:19 - 000000000 ____D C:\Users\***\AppData\Local\Epic Games
2021-01-23 20:09 - 2021-01-23 20:09 - 000159421 _____ C:\Users\***\Downloads\WhatsApp Image 2021-01-23 at 20.05.11.jpeg
2021-01-23 20:06 - 2021-01-23 20:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman 3
2021-01-23 16:05 - 2021-02-02 23:44 - 000000000 ____D C:\Users\***\AppData\Roaming\qBittorrent
2021-01-23 16:05 - 2021-01-23 16:05 - 000000000 ____D C:\Users\***\AppData\Local\qBittorrent
2021-01-23 16:05 - 2021-01-23 16:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2021-01-23 16:05 - 2021-01-23 16:05 - 000000000 ____D C:\Program Files\qBittorrent
2021-01-23 15:56 - 2021-01-23 15:56 - 000027012 _____ C:\Users\***\Downloads\b64c886ef8004f8ee33f4c6c7732bfedc4057c0b (1).dlc
2021-01-23 15:55 - 2021-01-23 15:55 - 000027012 _____ C:\Users\***\Downloads\b64c886ef8004f8ee33f4c6c7732bfedc4057c0b.dlc
2021-01-23 15:49 - 2021-01-23 15:49 - 000029360 _____ C:\Users\***\Downloads\d62857db3247a973c56b1e6b8646baabc5d5b5c1.dlc
2021-01-23 14:05 - 2021-01-23 14:05 - 000000000 ____D C:\Users\***\OneDrive\Documents\EVE
2021-01-23 13:55 - 2021-01-23 13:55 - 000000000 ____D C:\Users\***\AppData\Local\LauncherCrashes
2021-01-23 13:55 - 2021-01-23 13:55 - 000000000 ____D C:\Users\***\AppData\Local\CCP
2021-01-21 21:37 - 2021-01-21 21:37 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2021-01-21 21:37 - 2021-01-21 21:37 - 000000000 ____D C:\Users\***\AppData\Local\Gaijin
2021-01-21 21:37 - 2021-01-21 21:37 - 000000000 ____D C:\ProgramData\Gaijin
2021-01-21 16:41 - 2021-01-21 16:41 - 000097854 _____ C:\Users\***\Downloads\WhatsApp Image 2021-01-21 at 10.49.26.jpeg
2021-01-21 09:29 - 2021-01-21 09:29 - 000059627 _____ C:\Users\***\Downloads\Sozialversicherungen.pdf
2021-01-21 04:47 - 2021-01-21 04:52 - 000000000 ____D C:\Users\***\OneDrive\Documents\Universe Sandbox
2021-01-21 04:47 - 2021-01-21 04:47 - 000000000 ____D C:\Users\***\AppData\LocalLow\Giant Army
2021-01-21 04:30 - 2021-01-21 04:30 - 000002149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Docker Desktop.lnk
2021-01-19 14:03 - 2021-01-19 14:03 - 000174645 _____ C:\Users\***\Downloads\Leistungsnachweis (2).pdf
2021-01-19 11:31 - 2021-01-21 04:26 - 000000000 ____D C:\Users\***\AppData\Local\Docker Desktop Installer
2021-01-19 01:31 - 2021-01-19 01:31 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProTypers
2021-01-19 01:31 - 2021-01-19 01:31 - 000000000 ____D C:\Users\***\AppData\Local\TyperSolver
2021-01-18 21:00 - 2021-01-18 21:00 - 000174645 _____ C:\Users\***\Downloads\Leistungsnachweis (1).pdf
2021-01-18 20:40 - 2021-01-18 20:40 - 000776707 _____ C:\Users\***\Downloads\PIR00_K02 (1).pdf
2021-01-18 20:39 - 2021-01-18 20:39 - 000776707 _____ C:\Users\***\Downloads\PIR00_K02.pdf
2021-01-18 06:44 - 2021-01-18 06:44 - 601207032 _____ C:\Users\***\Downloads\EveeFanGameAlpha001.7z
2021-01-18 06:42 - 2021-01-18 06:51 - 040686870 _____ C:\Users\***\Downloads\DNd_Poisoned.rar
2021-01-15 15:57 - 2021-01-15 15:57 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 002254336 _____ C:\Windows\system32\dwmscene.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 001162240 _____ C:\Windows\system32\MBR2GPT.EXE
2021-01-15 15:57 - 2021-01-15 15:57 - 000729600 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2021-01-15 15:57 - 2021-01-15 15:57 - 000643072 _____ C:\Windows\system32\WindowManagementAPI.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 000595968 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2021-01-15 15:57 - 2021-01-15 15:57 - 000581120 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2021-01-15 15:57 - 2021-01-15 15:57 - 000575488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2021-01-15 15:57 - 2021-01-15 15:57 - 000562688 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2021-01-15 15:57 - 2021-01-15 15:57 - 000544768 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
2021-01-15 15:57 - 2021-01-15 15:57 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
2021-01-15 15:57 - 2021-01-15 15:57 - 000469504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
2021-01-15 15:57 - 2021-01-15 15:57 - 000467968 _____ C:\Windows\system32\AssignedAccessCsp.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 000455680 _____ C:\Windows\SysWOW64\WindowManagementAPI.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 000455168 _____ C:\Windows\system32\ssdm.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 000446976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl
2021-01-15 15:57 - 2021-01-15 15:57 - 000422912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2021-01-15 15:57 - 2021-01-15 15:57 - 000374072 _____ C:\Windows\system32\vp9fs.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 000330752 _____ C:\Windows\SysWOW64\ssdm.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 000306688 _____ C:\Windows\system32\HeatCore.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 000304128 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2021-01-15 15:57 - 2021-01-15 15:57 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2021-01-15 15:57 - 2021-01-15 15:57 - 000238592 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2021-01-15 15:57 - 2021-01-15 15:57 - 000235520 _____ C:\Windows\SysWOW64\HeatCore.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 000234496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2021-01-15 15:57 - 2021-01-15 15:57 - 000190976 _____ C:\Windows\system32\BthpanContextHandler.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 000182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2021-01-15 15:57 - 2021-01-15 15:57 - 000178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2021-01-15 15:57 - 2021-01-15 15:57 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\VBICodec.ax
2021-01-15 15:57 - 2021-01-15 15:57 - 000165888 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2021-01-15 15:57 - 2021-01-15 15:57 - 000157184 _____ C:\Windows\system32\uwfcsp.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 000152064 _____ C:\Windows\system32\EoAExperiences.exe
2021-01-15 15:57 - 2021-01-15 15:57 - 000138056 _____ C:\Windows\system32\HvsiManagementApi.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VBICodec.ax
2021-01-15 15:57 - 2021-01-15 15:57 - 000101704 _____ C:\Windows\SysWOW64\HvsiManagementApi.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 000095744 _____ C:\Windows\system32\VirtualMonitorManager.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2021-01-15 15:57 - 2021-01-15 15:57 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2021-01-15 15:57 - 2021-01-15 15:57 - 000074240 _____ C:\Windows\system32\rdsxvmaudio.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 000072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2021-01-15 15:57 - 2021-01-15 15:57 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
2021-01-15 15:57 - 2021-01-15 15:57 - 000067072 _____ C:\Windows\system32\BWContextHandler.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 000053760 _____ C:\Windows\SysWOW64\BWContextHandler.dll
2021-01-15 15:57 - 2021-01-15 15:57 - 000010894 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-01-15 03:38 - 2021-01-15 03:38 - 000000000 ____D C:\Users\***\AppData\Local\Teradici
2021-01-15 03:37 - 2021-01-15 03:37 - 000000000 ____D C:\Users\***\AppData\Local\Amazon Web Services
2021-01-15 03:36 - 2021-01-15 03:36 - 000001369 _____ C:\Users\Public\Desktop\Amazon WorkSpaces.lnk
2021-01-15 03:36 - 2021-01-15 03:36 - 000001369 _____ C:\ProgramData\Desktop\Amazon WorkSpaces.lnk
2021-01-15 03:36 - 2021-01-15 03:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon WorkSpaces
2021-01-15 03:36 - 2021-01-15 03:36 - 000000000 ____D C:\Program Files (x86)\Amazon Web Services, Inc
2021-01-15 01:54 - 2021-01-15 01:54 - 011145670 _____ C:\Users\***\Downloads\Oracle_VM_VirtualBox_Extension_Pack-6.1.16.vbox-extpack
2021-01-15 01:51 - 2021-01-15 01:51 - 000290435 _____ C:\Users\***\Downloads\kali-linux-2020.4-vbox-amd64.ova.torrent
2021-01-15 01:50 - 2021-01-15 02:11 - 3798939648 _____ C:\Users\***\Downloads\kali-linux-2020.4-vbox-amd64.ova
2021-01-15 01:34 - 2021-01-15 01:34 - 000001780 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane.lnk
2021-01-15 01:34 - 2021-01-15 01:34 - 000000000 ____D C:\Users\***\AppData\LocalLow\Dashlane
2021-01-15 01:33 - 2021-01-23 17:17 - 000000000 ____D C:\Users\***\AppData\Roaming\Dashlane
2021-01-15 01:33 - 2021-01-15 01:33 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2021-01-14 22:27 - 2021-01-14 22:27 - 000000365 _____ C:\Users\***\Downloads\user-minus.svg
2021-01-14 21:51 - 2021-01-14 21:51 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2021-01-14 20:29 - 2021-01-14 20:31 - 080338394 _____ C:\Users\***\Downloads\Juvisu 0.1.0.zip
2021-01-14 20:27 - 2021-01-14 20:27 - 000158013 _____ C:\Users\***\Downloads\BrothersKeeper0.4.zip
2021-01-14 17:48 - 2021-01-14 17:48 - 000505278 _____ C:\Users\***\Downloads\BeamMP_Server.zip
2021-01-14 15:38 - 2021-01-14 15:38 - 000000334 _____ C:\Users\***\Downloads\dollar-sign (2).svg
2021-01-14 15:38 - 2021-01-14 15:38 - 000000334 _____ C:\Users\***\Downloads\dollar-sign (1).svg
2021-01-14 02:59 - 2021-01-14 02:59 - 000000918 _____ C:\Users\***\package-lock.json
2021-01-14 02:59 - 2021-01-14 02:59 - 000000404 _____ C:\Users\***\Downloads\user-x.svg
2021-01-14 02:59 - 2021-01-14 02:59 - 000000000 ____D C:\Users\***\node_modules
2021-01-14 00:26 - 2021-01-14 00:26 - 000000373 _____ C:\Users\***\Downloads\plus-square.svg
2021-01-14 00:26 - 2021-01-14 00:26 - 000000351 _____ C:\Users\***\Downloads\plus-circle.svg
2021-01-14 00:25 - 2021-01-14 00:25 - 000000334 _____ C:\Users\***\Downloads\dollar-sign.svg
2021-01-14 00:22 - 2021-01-14 00:22 - 000000315 _____ C:\Users\***\Downloads\pie-chart.svg
2021-01-14 00:11 - 2021-01-14 00:11 - 000000428 _____ C:\Users\***\Downloads\message-circle.svg
2021-01-14 00:11 - 2021-01-14 00:11 - 000000314 _____ C:\Users\***\Downloads\send.svg
2021-01-14 00:10 - 2021-01-14 00:10 - 000000408 _____ C:\Users\***\Downloads\user-plus.svg
2021-01-14 00:10 - 2021-01-14 00:10 - 000000386 _____ C:\Users\***\Downloads\tool.svg
2021-01-13 21:36 - 2021-01-13 21:36 - 000000000 ____D C:\Users\***\OneDrive\Documents\Egosoft
2021-01-13 18:38 - 2021-01-13 19:10 - 000000000 ____D C:\Users\***\AppData\Roaming\BeamMP Launcher
2021-01-13 18:38 - 2021-01-13 18:38 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BeamMP Launcher
2021-01-13 18:38 - 2021-01-13 18:38 - 000000000 ____D C:\Users\***\AppData\Roaming\BeamMP
2021-01-13 18:38 - 2021-01-13 18:38 - 000000000 ____D C:\Users\***\AppData\Local\Caphyon
2021-01-13 18:37 - 2021-01-13 18:37 - 015464292 _____ C:\Users\***\Downloads\BeamMP_Installer.zip
2021-01-13 16:49 - 2021-01-13 16:49 - 000000000 ____D C:\Users\***\AppData\Roaming\Skype
2021-01-13 06:22 - 2021-01-13 06:22 - 000000000 ____D C:\Users\***\.matplotlib
2021-01-13 06:14 - 2021-01-13 06:14 - 001740714 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2021-01-13 06:14 - 2021-01-13 06:14 - 000000000 ____D C:\Users\***\AppData\Local\NuGet
2021-01-13 06:14 - 2021-01-13 06:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2021-01-13 06:14 - 2021-01-13 06:14 - 000000000 ____D C:\Program Files (x86)\MySQL
2021-01-13 05:59 - 2021-01-13 05:59 - 000000000 ____D C:\Users\***\AppData\Roaming\NuGet
2021-01-13 05:56 - 2021-01-13 05:56 - 000000000 ____D C:\Users\***\.templateengine
2021-01-13 04:21 - 2021-01-13 06:38 - 000156498 _____ C:\Users\***\Untitled2.ipynb
2021-01-13 02:51 - 2021-01-13 02:51 - 001507766 _____ C:\Users\***\Downloads\CAREtaker v0.5.4.1.1-bugfixed.html
2021-01-12 14:28 - 2021-01-18 14:32 - 000000000 ___SD C:\Windows\system32\lxss
2021-01-12 14:28 - 2021-01-12 14:28 - 000001162 _____ C:\Windows\system32\config\VSMIDK
2021-01-12 14:28 - 2021-01-12 14:28 - 000000000 ___SD C:\Windows\SysWOW64\lxss
2021-01-12 02:33 - 2021-01-12 02:33 - 016528923 _____ C:\Users\***\Downloads\wordpress-5.6 (1).zip
2021-01-12 02:24 - 2021-01-12 02:25 - 016528923 _____ C:\Users\***\Downloads\wordpress-5.6.zip
2021-01-12 02:07 - 2021-01-12 02:09 - 000000838 _____ C:\Users\***\Untitled1.ipynb
2021-01-12 01:32 - 2021-01-13 06:17 - 000000000 ____D C:\Users\***\.keras
2021-01-12 01:31 - 2021-01-13 06:36 - 000000000 ____D C:\Users\***\AppData\Roaming\jupyter
2021-01-12 01:31 - 2021-01-13 04:21 - 000000000 ____D C:\Users\***\.ipynb_checkpoints
2021-01-12 01:31 - 2021-01-12 01:35 - 000000618 _____ C:\Users\***\Untitled.ipynb
2021-01-12 01:31 - 2021-01-12 01:31 - 000000000 ____D C:\Users\***\AppData\Local\Yarn
2021-01-12 01:31 - 2021-01-12 01:31 - 000000000 ____D C:\Users\***\.jupyter
2021-01-12 01:31 - 2021-01-12 01:31 - 000000000 ____D C:\ProgramData\jupyter
2021-01-12 01:18 - 2021-01-12 01:18 - 000000000 ____D C:\Users\***\.conda
2021-01-12 01:10 - 2021-01-12 01:25 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)
2021-01-12 01:10 - 2021-01-12 01:10 - 000000000 ____D C:\Users\***\OneDrive\Documents\Python Scripts
2021-01-12 01:09 - 2021-01-12 01:20 - 000000000 ____D C:\Users\***\anaconda3
2021-01-12 01:03 - 2021-01-12 01:03 - 063128149 _____ C:\Users\***\Downloads\tensorflow-1.13.1-cp35-cp35m-win_amd64.whl
2021-01-11 16:46 - 2021-01-11 16:46 - 000000000 ____D C:\Users\***\AppData\Roaming\PsySH
2021-01-11 16:09 - 2021-01-11 16:09 - 000552212 _____ C:\Users\***\Downloads\Carnal Apostle 0.1.html
2021-01-11 02:34 - 2021-01-11 02:34 - 001447147 _____ C:\Users\***\Downloads\CAREtaker v0.5.3.5.4b - Test Build (1).html
2021-01-11 02:30 - 2021-01-11 02:30 - 000000000 ____D C:\Users\***\AppData\Local\Lisa the ghost witch
2021-01-11 02:29 - 2021-01-11 02:29 - 000000000 ____D C:\Users\***\Downloads\Lisa the ghost witch
2021-01-11 02:28 - 2021-01-11 02:29 - 116495692 _____ C:\Users\***\Downloads\Lisa the ghost witch.zip
2021-01-11 02:10 - 2021-01-11 02:13 - 227600872 _____ C:\Users\***\Downloads\InnocentCity-Demo2-pc (1).rar
2021-01-11 02:04 - 2021-01-11 02:06 - 123657626 _____ C:\Users\***\Downloads\BSCURP-Alpha-1.7.1-pc.zip
2021-01-10 06:02 - 2021-01-10 06:02 - 000000000 ____D C:\Users\***\AppData\Local\Composer
2021-01-10 06:01 - 2021-01-10 06:02 - 000000000 ____D C:\Users\***\AppData\Roaming\Composer
2021-01-10 06:01 - 2021-01-10 06:01 - 000000000 ____D C:\composer
2021-01-10 06:00 - 2021-01-10 06:00 - 002200574 _____ C:\Users\***\Downloads\composer.phar
2021-01-10 06:00 - 2021-01-10 06:00 - 002200574 _____ C:\Users\***\Downloads\composer (1).phar
2021-01-10 05:53 - 2021-01-10 05:57 - 000000000 ____D C:\Users\***\.docker
2021-01-10 05:52 - 2021-02-03 15:39 - 000000000 ____D C:\ProgramData\DockerDesktop
2021-01-10 05:52 - 2021-01-21 04:30 - 000000000 ____D C:\ProgramData\Docker
2021-01-10 05:51 - 2021-02-03 15:40 - 000000000 ____D C:\Users\***\AppData\Local\Docker
2021-01-10 05:51 - 2021-01-10 05:57 - 000000000 ____D C:\Users\***\AppData\Roaming\Docker
2021-01-10 05:51 - 2021-01-10 05:51 - 000000000 ____D C:\Program Files\Docker
2021-01-10 05:11 - 2021-01-10 05:11 - 141026660 _____ C:\Users\***\Downloads\The Encyclopedia of Tentacles for Boys Vol.1.rar
2021-01-10 05:08 - 2021-01-10 05:08 - 050003965 _____ C:\Users\***\Downloads\[Little Camp Buddy][Regression Mod][Caiman][14dayPreAlpha] (1).zip
2021-01-10 05:08 - 2021-01-10 05:08 - 019015980 _____ C:\Users\***\Downloads\[Little Camp Buddy][Caiman]Felix Voices Normalized.zip
2021-01-10 05:02 - 2021-01-10 05:02 - 001082048 _____ C:\Users\***\Downloads\PSST-pc.zip
2021-01-10 04:30 - 2021-01-10 04:31 - 042228792 _____ C:\Users\***\Downloads\PSST-part1.rar
2021-01-10 04:26 - 2021-01-10 04:31 - 351453457 _____ C:\Users\***\Downloads\DannysnewHome GoP EN-1.0-pc.rar
2021-01-10 04:18 - 2021-01-10 04:19 - 000000000 ____D C:\Users\***\AppData\Local\tyranoscript
2021-01-10 04:17 - 2021-01-10 04:18 - 456342100 _____ C:\Users\***\Downloads\Virtualboy02-WINC.zip
2021-01-10 04:13 - 2021-01-10 04:13 - 043991574 _____ C:\Users\***\Downloads\Hantu_Laut-1.0-all.zip
2021-01-10 04:00 - 2021-01-10 04:00 - 000000000 ____D C:\Users\***\Downloads\Lewd House Build
2021-01-10 03:59 - 2021-01-10 03:59 - 057087475 _____ C:\Users\***\Downloads\Lewd House Build.zip
2021-01-10 03:37 - 2021-01-10 03:37 - 050003965 _____ C:\Users\***\Downloads\[Little Camp Buddy][Regression Mod][Caiman][14dayPreAlpha].zip
2021-01-10 03:35 - 2021-01-10 03:42 - 524288000 _____ C:\Users\***\Downloads\Infight Kids - The Gazmend Saga.zip.001
2021-01-10 03:32 - 2021-01-10 03:32 - 000000000 ____D C:\Users\***\AppData\Local\jungle
2021-01-10 03:31 - 2021-01-10 03:31 - 056013246 _____ C:\Users\***\Downloads\windows-x64-LostJungle-0-1hotfix.7z
2021-01-10 03:31 - 2021-01-10 03:31 - 000739172 _____ C:\Users\***\Downloads\Mansion Management_early_alpha_v0-2_hotfix (1).html
2021-01-10 03:27 - 2021-01-10 03:27 - 000464403 _____ C:\Users\***\Downloads\EnterLink V2 0.5 Test.html
2021-01-10 03:24 - 2021-01-10 03:24 - 000016565 _____ C:\Users\***\Downloads\discipline.zip
2021-01-09 22:05 - 2021-01-09 22:05 - 000000000 ____D C:\Users\***\AppData\Local\enchant
2021-01-09 01:21 - 2021-01-09 01:21 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Alchemyst Tale
2021-01-09 01:21 - 2021-01-09 01:21 - 000000000 ____D C:\Users\***\AppData\LocalLow\Night Games
2021-01-08 22:31 - 2021-01-08 22:31 - 604110848 _____ C:\Users\***\OneDrive\Documents\Windows.iso
2021-01-08 22:18 - 2021-01-08 22:38 - 000000000 ____D C:\ESD
2021-01-08 22:18 - 2021-01-08 22:18 - 000000000 ___HD C:\$Windows.~WS
2021-01-08 22:17 - 2021-01-08 22:17 - 000000000 ____D C:\$WINDOWS.~BT
2021-01-08 22:15 - 2021-01-09 22:05 - 000000000 ____D C:\Users\***\AppData\Roaming\HexChat
2021-01-08 22:14 - 2021-01-08 22:14 - 010471352 _____ (HexChat ) C:\Users\***\Downloads\HexChat 2.14.3 x64.exe
2021-01-08 22:14 - 2021-01-08 22:14 - 000000000 ____D C:\Users\***\source
2021-01-08 22:14 - 2021-01-08 22:14 - 000000000 ____D C:\Users\***\AppData\Local\IdentityNexusIntegration
2021-01-08 22:14 - 2021-01-08 22:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HexChat
2021-01-08 22:14 - 2021-01-08 22:14 - 000000000 ____D C:\Program Files\HexChat
2021-01-08 22:13 - 2021-01-13 06:04 - 000000000 ____D C:\Users\***\AppData\Local\.IdentityService
2021-01-08 22:13 - 2021-01-08 22:14 - 000000000 ____D C:\Users\***\OneDrive\Documents\Visual Studio 2019
2021-01-08 22:13 - 2021-01-08 22:13 - 000001803 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2019.lnk
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\3082
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\2052
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1055
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1049
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1046
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1045
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1042
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1041
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1040
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1036
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1033
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1031
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1029
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\SysWOW64\1028
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\3082
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\2052
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1055
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1049
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1046
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1045
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1042
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1041
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1040
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1036
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1033
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1031
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1029
2021-01-08 22:13 - 2021-01-08 22:13 - 000000000 ____D C:\Windows\system32\1028
2021-01-08 22:12 - 2021-01-08 22:12 - 000000000 ____D C:\Users\***\.dotnet
2021-01-08 22:12 - 2021-01-08 22:12 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2021-01-08 22:12 - 2021-01-08 22:12 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2021-01-08 22:12 - 2021-01-08 22:12 - 000000000 ____D C:\Program Files (x86)\NuGet
2021-01-08 22:12 - 2021-01-08 22:12 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2021-01-08 22:12 - 2021-01-08 22:12 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2021-01-08 22:11 - 2021-01-08 22:12 - 000000000 ____D C:\Program Files\dotnet
2021-01-08 22:11 - 2021-01-08 22:12 - 000000000 ____D C:\Program Files (x86)\dotnet
2021-01-08 22:11 - 2021-01-08 22:11 - 000001802 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019.lnk
2021-01-08 22:11 - 2021-01-08 22:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019
2021-01-08 22:10 - 2021-01-13 06:15 - 000000000 ____D C:\Users\***\AppData\Roaming\Visual Studio Setup
2021-01-08 22:10 - 2021-01-13 06:03 - 000001362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2021-01-08 22:10 - 2021-01-13 06:03 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2021-01-08 22:10 - 2021-01-08 22:10 - 000000000 ____D C:\Users\***\AppData\Roaming\vstelemetry
2021-01-08 22:10 - 2021-01-08 22:10 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft Visual Studio
2021-01-08 22:10 - 2021-01-08 22:10 - 000000000 ____D C:\Users\***\AppData\Local\ServiceHub
2021-01-08 22:09 - 2021-01-08 22:09 - 000000000 ____D C:\ProgramData\Microsoft Visual Studio
2021-01-08 14:05 - 2021-01-08 14:05 - 000000000 ____D C:\Users\***\AppData\Local\INetHistory
2021-01-08 11:18 - 2021-01-08 12:03 - 085533426 _____ C:\Users\***\Downloads\The Alchemyst Tale - Installer.rar
2021-01-08 04:00 - 2021-01-08 04:00 - 001184178 _____ C:\Users\***\Downloads\Kml Military bases.kml
2021-01-08 00:09 - 2021-01-08 00:10 - 006865541 _____ C:\Users\***\Downloads\Git Compiled (10-21-2020) (1).rar
2021-01-07 23:12 - 2021-01-07 23:12 - 000000000 ____D C:\Users\***\AppData\LocalLow\President Studio
2021-01-07 23:07 - 2021-01-07 23:07 - 000000000 ____D C:\Users\***\.prefs
2021-01-07 08:13 - 2021-01-07 08:13 - 199590012 _____ C:\Users\***\Downloads\Aphrodisia-0.5.5-pc.zip
2021-01-07 08:11 - 2021-01-07 08:11 - 030546372 _____ C:\Users\***\Downloads\Rock-Paper-Strip-1.0-pc.zip
2021-01-05 17:53 - 2021-02-03 01:00 - 000000000 ____D C:\Users\***\OneDrive\Documents\Mount and Blade II Bannerlord
2021-01-04 19:40 - 2020-11-11 03:54 - 000167280 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudmdm.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-02-03 15:44 - 2020-12-10 19:11 - 000000000 ____D C:\Users\***\AppData\Roaming\TS3Client
2021-02-03 15:42 - 2020-12-12 11:16 - 000000000 ____D C:\Users\***\AppData\Roaming\Code
2021-02-03 15:41 - 2020-12-19 17:43 - 000000000 ____D C:\Users\***\AppData\Roaming\discord
2021-02-03 15:41 - 2020-12-10 19:36 - 000000000 ____D C:\ProgramData\NVIDIA
2021-02-03 15:40 - 2021-01-02 14:08 - 000000000 ____D C:\Users\***\AppData\Local\LogMeIn Hamachi
2021-02-03 15:40 - 2020-12-12 07:41 - 000000000 ____D C:\ProgramData\FAHClient
2021-02-03 15:39 - 2020-12-11 20:15 - 000003092 _____ C:\Windows\system32\Tasks\GPU Tweak II
2021-02-03 15:39 - 2020-12-11 02:56 - 000000000 ____D C:\Users\***
2021-02-03 15:39 - 2020-12-11 02:51 - 001162008 _____ C:\Windows\system32\wpbbin.exe
2021-02-03 15:39 - 2020-12-11 02:51 - 001122840 _____ C:\Windows\system32\AsusUpdateCheck.exe
2021-02-03 15:39 - 2020-12-11 02:51 - 000008192 ___SH C:\DumpStack.log.tmp
2021-02-03 15:39 - 2020-12-11 02:51 - 000000000 ____D C:\ProgramData\ASUS
2021-02-03 15:39 - 2020-11-19 00:41 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-02-03 15:39 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-03 15:39 - 2019-12-07 10:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-02-03 15:35 - 2020-12-20 19:48 - 000000000 ____D C:\Users\***\AppData\LocalLow\Temp
2021-02-03 14:32 - 2020-12-11 02:57 - 000000000 ____D C:\Users\***\AppData\Local\Packages
2021-02-03 14:07 - 2020-12-11 02:57 - 001724774 _____ C:\Windows\system32\PerfStringBackup.INI
2021-02-03 14:07 - 2020-12-11 01:33 - 000746378 _____ C:\Windows\system32\perfh007.dat
2021-02-03 14:07 - 2020-12-11 01:33 - 000154146 _____ C:\Windows\system32\perfc007.dat
2021-02-03 14:07 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2021-02-03 14:06 - 2020-12-24 15:37 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-02-03 13:54 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-03 13:54 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2021-02-03 13:53 - 2020-11-19 00:41 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-02-03 01:32 - 2020-12-10 20:29 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2021-02-03 01:26 - 2020-12-10 19:57 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2021-02-03 01:25 - 2020-12-10 22:12 - 000000000 ____D C:\Users\***\AppData\Local\CrashDumps
2021-02-03 00:52 - 2020-12-10 19:18 - 000000000 ____D C:\Users\***\AppData\Local\D3DSCache
2021-02-03 00:46 - 2020-12-10 23:07 - 000000000 ____D C:\Users\***\OneDrive\Documents\ShareX
2021-02-02 22:36 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-02-02 21:44 - 2020-12-10 19:03 - 000000000 ____D C:\Users\***\AppData\Local\PlaceholderTileLogoFolder
2021-02-02 21:33 - 2021-01-01 19:53 - 000000000 ____D C:\Users\***\AppData\Roaming\Stormworks
2021-02-02 14:54 - 2020-12-12 06:23 - 000000000 ____D C:\Users\***\OneDrive\Documents\Paradox Interactive
2021-01-31 19:39 - 2020-11-19 00:45 - 000000000 ____D C:\ProgramData\Packages
2021-01-31 16:08 - 2020-12-22 16:45 - 000000000 ____D C:\Users\***\AppData\Roaming\npm-cache
2021-01-30 20:11 - 2020-11-19 00:44 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-29 19:04 - 2020-12-29 23:46 - 000000000 ____D C:\Users\***\OneDrive\Documents\Twine
2021-01-29 19:04 - 2020-12-29 23:46 - 000000000 ____D C:\Users\***\AppData\Roaming\Twine
2021-01-28 18:45 - 2020-12-11 14:20 - 000004232 _____ C:\Windows\system32\Tasks\Opera GX scheduled Autoupdate 1607692819
2021-01-28 18:45 - 2020-12-11 14:20 - 000001438 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Opera GX.lnk
2021-01-28 18:43 - 2020-12-10 22:13 - 000000000 ____D C:\Users\***\AppData\Roaming\.minecraft
2021-01-27 20:17 - 2020-12-15 19:28 - 000000000 ____D C:\ProgramData\Origin
2021-01-27 20:17 - 2020-12-15 19:28 - 000000000 ____D C:\Program Files (x86)\Origin
2021-01-26 22:16 - 2020-12-17 21:52 - 000000000 ____D C:\Users\***\AppData\Local\Arma 3 Launcher
2021-01-26 22:02 - 2020-12-17 22:02 - 000000000 ____D C:\Users\***\AppData\Local\Arma 3
2021-01-25 04:50 - 2020-12-12 00:17 - 000000000 ____D C:\Users\***\AppData\Roaming\RenPy
2021-01-24 15:56 - 2020-12-13 06:59 - 000000000 ____D C:\Users\***\AppData\Local\JDownloader 2.0
2021-01-23 21:33 - 2020-12-18 13:09 - 000000000 ____D C:\RAGEMP
2021-01-23 19:57 - 2020-12-11 02:52 - 000000000 ____D C:\Users\***\AppData\Local\Disc_Soft_Ltd
2021-01-22 10:49 - 2020-12-10 18:58 - 000799104 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2021-01-21 23:18 - 2020-12-10 19:36 - 000000000 ____D C:\Users\***\AppData\Local\NVIDIA Corporation
2021-01-21 21:37 - 2020-12-14 16:54 - 000000000 ____D C:\Users\***\OneDrive\Documents\My Games
2021-01-21 17:28 - 2020-12-10 19:00 - 000000000 ____D C:\Program Files (x86)\LightingService
2021-01-21 17:28 - 2020-12-10 18:59 - 000000000 ____D C:\Program Files\ASUS
2021-01-21 17:28 - 2020-12-10 18:57 - 000000000 ____D C:\ProgramData\Package Cache
2021-01-21 17:28 - 2020-12-10 18:57 - 000000000 ____D C:\Program Files (x86)\ASUS
2021-01-19 21:49 - 2020-11-19 00:44 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-19 21:49 - 2020-11-19 00:44 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-19 20:04 - 2020-12-11 00:03 - 000000000 ____D C:\Program Files (x86)\Overwolf
2021-01-19 01:31 - 2020-12-19 17:43 - 000000000 ____D C:\Users\***\AppData\Local\SquirrelTemp
2021-01-18 14:34 - 2020-11-19 00:41 - 000440880 _____ C:\Windows\system32\FNTCACHE.DAT
2021-01-18 14:32 - 2020-12-26 04:08 - 000000000 ____D C:\Program Files\Hyper-V
2021-01-18 14:32 - 2019-12-07 15:49 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-18 14:32 - 2019-12-07 15:49 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-18 14:32 - 2019-12-07 15:49 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-18 14:32 - 2019-12-07 15:45 - 000000000 ____D C:\Windows\system32\Drivers\en-GB
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\F12
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\UNP
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\F12
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\PrintDialog
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Com
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Sysprep
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Dism
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Com
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellExperiences
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellComponents
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Provisioning
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\IME
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2021-01-18 14:32 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-16 20:15 - 2020-12-13 13:15 - 000000000 ____D C:\Users\***\OneDrive\Documents\Rockstar Games
2021-01-16 20:14 - 2020-12-13 13:15 - 000000000 ____D C:\Users\***\AppData\Local\Rockstar Games
2021-01-15 15:58 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2021-01-15 15:56 - 2020-11-19 00:43 - 002877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2021-01-15 15:53 - 2020-12-13 18:08 - 000000000 ____D C:\Windows\system32\MRT
2021-01-15 15:52 - 2020-12-13 18:08 - 135062968 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-01-15 03:37 - 2020-12-26 04:05 - 000000000 ____D C:\Users\***\.VirtualBox
2021-01-15 02:11 - 2020-12-26 04:05 - 000000000 ____D C:\Users\***\VirtualBox VMs
2021-01-15 01:49 - 2020-12-26 04:05 - 000000000 ____D C:\ProgramData\VirtualBox
2021-01-14 21:51 - 2020-12-13 13:15 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2021-01-14 19:58 - 2020-12-20 19:45 - 000025342 _____ C:\Users\***\Downloads\verdi.pdf
2021-01-14 16:46 - 2020-12-31 22:07 - 000000000 ____D C:\Users\***\OneDrive\Documents\BeamNG.drive
2021-01-12 00:00 - 2020-12-13 06:02 - 000000000 ____D C:\ProgramData\AMD AutoUpdate
2021-01-11 12:47 - 2020-12-24 15:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-01-10 23:50 - 2020-12-11 02:58 - 000000000 ___RD C:\Users\***\OneDrive
2021-01-10 23:50 - 2020-12-10 20:00 - 000000000 ____D C:\Users\***\OneDrive\Documents\3DMark
2021-01-10 05:52 - 2020-11-19 03:50 - 001499136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vfpext.sys
2021-01-10 05:52 - 2020-11-19 03:50 - 001115448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lxcore.sys
2021-01-10 05:52 - 2020-11-19 03:50 - 000405824 _____ (Microsoft Corporation) C:\Windows\system32\vmprox.dll
2021-01-10 05:52 - 2020-11-19 03:50 - 000392192 _____ (Microsoft Corporation) C:\Windows\system32\vmvpci.dll
2021-01-10 05:52 - 2020-11-19 03:50 - 000320000 _____ (Microsoft Corporation) C:\Windows\system32\vfpctrl.exe
2021-01-10 05:52 - 2020-11-19 03:50 - 000199168 _____ (Microsoft Corporation) C:\Windows\system32\wsl.exe
2021-01-10 05:52 - 2020-11-19 03:50 - 000158208 _____ (Microsoft Corporation) C:\Windows\system32\hnsdiag.exe
2021-01-10 05:52 - 2020-11-19 03:50 - 000122168 _____ (Microsoft Corporation) C:\Windows\system32\vmsifcore.dll
2021-01-10 05:52 - 2020-11-19 03:50 - 000109384 _____ (Microsoft Corporation) C:\Windows\system32\vmwpevents.dll
2021-01-10 05:52 - 2020-11-19 03:50 - 000079360 _____ (Microsoft Corporation) C:\Windows\system32\wslconfig.exe
2021-01-10 05:52 - 2020-11-19 03:50 - 000079168 _____ (Microsoft Corporation) C:\Windows\system32\vmwpctrl.dll
2021-01-10 05:52 - 2020-11-19 03:50 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\bash.exe
2021-01-10 05:52 - 2020-11-19 03:50 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\vfpapi.dll
2021-01-10 05:52 - 2020-11-19 03:50 - 000027960 _____ (Microsoft Corporation) C:\Windows\system32\vmsifproxystub.dll
2021-01-10 05:52 - 2020-11-19 03:49 - 000206152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcivsp.sys
2021-01-10 05:52 - 2020-11-19 03:49 - 000175416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsp.sys
2021-01-10 05:52 - 2019-12-07 10:09 - 000260616 _____ (Microsoft Corporation) C:\Windows\system32\hcsdiag.exe
2021-01-10 05:52 - 2019-12-07 10:09 - 000222008 _____ (Microsoft Corporation) C:\Windows\system32\NetMgmtIF.dll
2021-01-10 05:52 - 2019-12-07 10:09 - 000151352 _____ C:\Windows\system32\nmscrub.exe
2021-01-10 05:52 - 2019-12-07 10:09 - 000142648 _____ (Microsoft Corporation) C:\Windows\system32\nmbind.exe
2021-01-10 05:52 - 2019-12-07 10:09 - 000129336 _____ (Microsoft Corporation) C:\Windows\system32\vmvirtio.dll
2021-01-10 05:52 - 2019-12-07 10:09 - 000123704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbkmclr.sys
2021-01-10 05:52 - 2019-12-07 10:09 - 000107048 _____ (Microsoft Corporation) C:\Windows\system32\p9np.dll
2021-01-10 05:52 - 2019-12-07 10:09 - 000091152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\p9rdr.sys
2021-01-10 05:52 - 2019-12-07 10:09 - 000081208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\p9np.dll
2021-01-10 05:52 - 2019-12-07 10:09 - 000061240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pvhdparser.sys
2021-01-10 05:52 - 2019-12-07 10:09 - 000058888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\l2bridge.sys
2021-01-10 05:52 - 2019-12-07 10:09 - 000049192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdparser.sys
2021-01-10 05:52 - 2019-12-07 10:09 - 000041784 _____ (Microsoft Corporation) C:\Windows\system32\NvAgent.dll
2021-01-10 05:52 - 2019-12-07 10:09 - 000039440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\passthruparser.sys
2021-01-10 05:52 - 2019-12-07 10:09 - 000037112 _____ (Microsoft Corporation) C:\Windows\system32\sbresources.dll
2021-01-10 05:52 - 2019-12-07 10:09 - 000036152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvsocketcontrol.sys
2021-01-10 05:52 - 2019-12-07 10:09 - 000031544 _____ (Microsoft Corporation) C:\Windows\system32\vmcomputeeventlog.dll
2021-01-10 05:52 - 2019-12-07 10:09 - 000027448 _____ (Microsoft Corporation) C:\Windows\system32\VrdUmed.dll
2021-01-10 05:52 - 2019-12-07 10:09 - 000021304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hnswfpdriver.sys
2021-01-10 05:52 - 2019-12-07 10:09 - 000015880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lxss.sys
2021-01-10 05:52 - 2019-12-07 10:09 - 000012816 _____ (Microsoft Corporation) C:\Windows\system32\f989b52d-f928-44a3-9bf1-bf0c1da6a0d6_HyperV-DeviceVirtualization.dll
2021-01-10 05:52 - 2019-12-07 10:09 - 000012600 _____ (Microsoft Corporation) C:\Windows\system32\d4d78066-e6db-44b7-b5cd-2eb82dce620c_HyperV-ComputeLegacy.dll
2021-01-10 05:52 - 2019-12-07 10:09 - 000012600 _____ (Microsoft Corporation) C:\Windows\system32\c4d66f00-b6f0-4439-ac9b-c5ea13fe54d7_HyperV-ComputeCore.dll
2021-01-10 05:52 - 2019-12-07 10:09 - 000012304 _____ (Microsoft Corporation) C:\Windows\system32\07409496-a423-4a3e-b620-2cfb01a9318d_HyperV-ComputeNetwork.dll
2021-01-09 22:05 - 2021-01-01 15:31 - 000000000 ____D C:\ProgramData\NeoFly
2021-01-09 21:45 - 2021-01-01 15:28 - 000000000 ____D C:\Users\***\AppData\Local\Deployment
2021-01-08 22:58 - 2020-12-20 21:44 - 000201286 _____ C:\Users\***\Downloads\Lebenslauf ***.pdf
2021-01-08 22:38 - 2020-12-11 02:50 - 000000000 ____D C:\Windows\Panther
2021-01-08 22:13 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-01-08 22:11 - 2020-12-13 14:12 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-01-08 14:01 - 2020-12-10 19:01 - 000000000 ____D C:\Users\***\AppData\Local\Comms
2021-01-05 17:24 - 2021-01-02 20:44 - 000000000 ____D C:\Users\***\AppData\Local\FlightSimulator

==================== Files in the root of some directories ========

2021-02-02 20:04 - 2021-02-02 20:04 - 000000757 _____ () C:\Users\***\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
         
--- --- ---

03.02.2021, 20:15   #8
M-K-D-B
/// TB trainer

Step 1
  • Save your work and close all open programs so that no data is lost.
  • Copy the entire contents of the following code box:
    Code:
    Start::
    DeleteQuarantine:
    Unlock: C:\FRST
    Reboot:
    End::

  • Now start FRST and click the Fix (Reparieren) button directly.
    Important: You do not need to paste the contents of the code box anywhere, because FRST takes the code from the clipboard!
  • The tool carries out the requested steps and creates a fixlog.txt in the same directory as FRST.
  • Your computer may need to be restarted.
  • Post the contents of fixlog.txt in your next reply.








Then we're done!
If you no longer have any problems with malware, we're finished here. Your log files are clean.


Finally, please run a cleanup with our TBCleanUpTool and be sure to read and implement the security measures; both are linked in the following reading material:




If you like, you can say here whether you were satisfied with me and my help...
Perhaps you would like to support the forum with a small donation.


Note:
Please give me brief feedback once you have read the information linked above, everything is done and you have no more questions, so that I can remove this thread from my subscriptions.

03.02.2021, 22:07   #9
Dafot

Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 03-02-2021
Ran by ****(03-02-2021 22:00:19) Run:2
Running from C:\Users\****/Desktop
Loaded Profiles: ****
Boot Mode: Normal
==============================================

fixlist content:
*****************
DeleteQuarantine:
Unlock: C:\FRST
Reboot:

*****************

"C:\FRST\Quarantine" => removed successfully
"C:\FRST" => was unlocked


The system needed a reboot.

==== End of Fixlog 22:00:19 ====
         
Read everything, thanks for the quick and good help

04.02.2021, 10:55   #10
M-K-D-B
/// TB trainer

We're glad we could help

This thread appears to be resolved and will be removed from our subscriptions. Should you need the thread again, please send us a reminder including a link to the thread.

Everyone else, please click here and create your own thread.
